Enable Entra ID Authentication in Compose Enterprise
Introduction
This document provides detailed instructions for enabling Entra ID authentication, both to log in to Compose applications and to use Entra ID as an authentication method in workflows. It is a step-by-step guide to what to set up in Azure to retrieve the keys/IDs needed to enable it.
Set up Azure - Configuring Application
Navigate to the Azure Active Directory service in the Azure portal dashboard, as in Figure 1.
After opening the Microsoft Entra ID service, the service page looks like the figure below.
Navigate to the App registrations link.
Click the New registration button on the App registrations page, as in Figure 3.
When creating the new application, make sure to check the options for Access tokens and ID tokens.
After creating the new application, open it. The Application Overview page looks like Figure 4. On the overview page, note the Application (client) ID and Directory (tenant) ID. These IDs need to be shared with your Compose contact person to configure AAD for authentication in the Compose application.
Redirect URLs
Then navigate to the Authentication link on the Application configuration page. Here you have to configure the Redirect URLs. Add the following URLs, replacing <DOMAIN> with your Compose Enterprise application domain.
https://<DOMAIN>/cng/tokenLogin
https://<DOMAIN>/cng/tokenReLogin
https://<DOMAIN>/cng/tokenSilentRenew
https://<DOMAIN>/cng/loggedOut
https://<DOMAIN>/cng/azureADAuthentication
We use the same App registration for Compose Case Management (CCM) systems as well. Add the following CCM-related redirect URLs, replacing <DOMAIN> with your CCM application domain.
https://<DOMAIN>/popup_auth.html
https://<DOMAIN>/relogin_auth.html
https://<DOMAIN>/silent_auth.html
https://<DOMAIN>/logout_auth.html
Make sure to add and provide the necessary API permissions for the application, as illustrated in the figure below.
Also allow the following two configurations on the Manifest page, as illustrated in the figure below.
The final step is to create a client secret for the application (for AAD authentication in workflows and CCMs). Navigate to the Certificate and secrets page and create the new client secret by clicking Create new secret.
Client secret values cannot be viewed except immediately after creation. Be sure to save the secret when it is created, before leaving the page (see Figure 8). The secret must also be shared with Compose to configure AAD authentication in workflows and CCMs.
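To check the finished registration against the steps above, the following added example (not part of the original guide or of Compose's tooling) audits an exported application object for missing, malformed or unexpected redirect URLs and for the Access tokens / ID tokens options. It assumes the object has the Microsoft Graph application shape (`web.redirectUris`, `spa.redirectUris`, `web.implicitGrantSettings`); the `example.com` domains and the sample object are constructed.

```python
from urllib.parse import urlsplit

# Redirect paths listed on this page for the Compose Enterprise and CCM applications.
COMPOSE_PATHS = ["/cng/tokenLogin", "/cng/tokenReLogin", "/cng/tokenSilentRenew",
                 "/cng/loggedOut", "/cng/azureADAuthentication"]
CCM_PATHS = ["/popup_auth.html", "/relogin_auth.html",
             "/silent_auth.html", "/logout_auth.html"]


def expected_uris(compose_domain, ccm_domain):
    """Build the exact set of redirect URLs the page asks for."""
    return ({f"https://{compose_domain}{p}" for p in COMPOSE_PATHS}
            | {f"https://{ccm_domain}{p}" for p in CCM_PATHS})


def audit_app(app, compose_domain, ccm_domain):
    """Return sorted findings for one application object (Microsoft Graph JSON shape)."""
    registered = set()
    for platform in ("web", "spa"):  # assumption: URLs live under one of these platforms
        registered.update((app.get(platform) or {}).get("redirectUris") or [])
    expected = expected_uris(compose_domain, ccm_domain)
    findings = [f"missing: {u}" for u in expected - registered]
    for uri in registered - expected:
        if any(c.isspace() for c in uri):
            findings.append(f"malformed (whitespace): {uri!r}")
        elif urlsplit(uri).scheme != "https":
            findings.append(f"not https: {uri}")
        elif "*" in uri:
            findings.append(f"wildcard: {uri}")
        else:
            findings.append(f"unexpected: {uri}")
    # The "Access tokens" and "ID tokens" checkboxes map to these Graph properties.
    grants = (app.get("web") or {}).get("implicitGrantSettings") or {}
    for key in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if not grants.get(key):
            findings.append(f"token option off: {key}")
    return sorted(findings)


def sample_app():
    """Constructed sample: one CCM URL pasted with a stray space, ID tokens left off."""
    uris = [u.replace("//ccm.example.com/silent", "// ccm.example.com/silent")
            for u in sorted(expected_uris("compose.example.com", "ccm.example.com"))]
    return {"web": {"redirectUris": uris, "implicitGrantSettings": {
        "enableAccessTokenIssuance": True, "enableIdTokenIssuance": False}}}


if __name__ == "__main__":
    for finding in audit_app(sample_app(), "compose.example.com", "ccm.example.com"):
        print(finding)
```

An empty result means every URL on this page is registered exactly and nothing else is; any `unexpected`, `wildcard` or `not https` finding is worth removing from the registration before the IDs are shared.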
Checklist – Keys you need to generate (and share with Compose if they are administering your applications)
Enabling AAD to log in to the Enterprise application
Directory (tenant) ID
Application (client) ID
Enabling AAD as Workflow Authentication
Directory (tenant) ID
Application (client) ID
Client secret (Value)
Enabling AAD to log in to the CCM application
Directory (tenant) ID
Application (client) ID