Skip to main content

Entra SSO Setup

Superblocks single sign-on (SSO) with Entra (formerly Azure AD) lets your team seamlessly authentication and access Superblocks using their Entra credentials. This guide walks trhough how to configure single sign-on for Superblocks.

Prerequisites

To setup SSO for your organization, you'll need:

Setup

Set up single sign-on for Entra by registering an application in the Entra portal. See Microsoft's Quickstart: Register an application with the Microsoft identity platform for full details.

Register an application

  1. Sign in to the Microsoft Entra admin center
  2. Navigate to IdentityApplicationsEnterprise applications
  3. Click + New application
  4. Select + Create your own application
  5. Name the application Create Entra Application
  6. Set Supported account types to Accounts in this organizational directory only
  7. Under Redirect URI select Web and enter https://login.superblocks.com/login/callback
  8. Click Register

Setup authentication

After your app has been registered, configure authentication for the application.

  1. In App registrations select your new application
  2. Under Manage, select Authentication
  3. Set the Front-channel logout URL to https://app.superblocks.com/logout
  4. Under Implicit grant and hybrid flows check the boxes for both Access tokens and ID tokens
  5. Save your configuration
info

For customers on Superblocks EU set the logout URL to https://eu.superblocks.com/logout

Entra Enterprise Application Setup

Add a client secret

Superblocks uses a client secret to authenticate with Entra when requesting user access tokens. To create a client secret for your application:

  1. Under Manage, select Certificates & secrets
  2. On the Client secrets tab, click + New client secret
  3. Enter a description and select an expiration date for your secret
  4. Click Add
  5. Copy the secret value
warning

The secret value will never be shown again after you leave this page. Be sure to copy and save it to a safe place like your password manager.

Configure IdP-initiated login

To allow users to log in to Superblocks directly from Entra instead of initiating the login from Superblocks, follow the steps below to update the login URL for the Entra application.

  1. Under Manage, select Manifest
  2. Scroll down to the signInURL property and set its value to https://app.superblocks.com?connection={MyCompanyName}-AzureAD
warning

Replace {MyCompanyName} with your company’s name. Remove all spaces and special characters from the name. If your company name is multiple words, capitalize the first letter of each word. For example, the company River Bank Technologies would become RiverBankTechnologies

  1. Click Save
Update signInURL for IdP-initiated login

Send IdP info to Superblocks

Once you've configured your Entra application, send the following information to support@superblocks.com

Client ID

The Application (client) ID for your Entra tenant. You can find this value on your app's Overview screen.

Client Secret

The secret value you copied when you added a client secret. Note: we recommend using a secure transfer mechanism such as https://onetimesecret.com or similar to send the secret.

Entra Tenant Domain

Your Entra domain name. You can find this on your Entra tenant overview page in the Microsoft portal.

Other domains

The list of domain and domain aliases your employees should be able to use when logging into Superblocks.