Configure OIDC SSO with Microsoft Entra ID (Azure AD) for your organization

From version 1.42, Lightrun supports Single Sign-On (SSO) with Microsoft Entra ID as your identity provider (IdP), using the OIDC (OpenID Connect) integration in Microsoft Entra ID.

With OIDC, Lightrun functions as the service provider and receives authentication information from Entra ID, which acts as the external identity provider. When SSO is enabled, Lightrun delegates authentication requests to the customer's IdP and grants users access to Lightrun in accordance with the IdP's response.

Once you have set up your SSO with OIDC, proceed to create your Lightrun users in the User Management page.

Setting up SSO involves copying and pasting values in both directions between Microsoft Entra ID and the OIDC page in the Lightrun Management Portal.

Get Lightrun’s Redirection URL

  1. Log in to your Lightrun Management Portal.
  2. Click Settings on the top right-hand side of the menu bar.
  3. Set OIDC as your SSO Protocol based on your version:

    • For version 1.54 and higher.
      1. Navigate to the Identity Configuration > Login Method tab.
      2. From the list, select Single Sign-On (SSO).
      3. Select OIDC as your SSO protocol.
    • For version 1.53 and earlier.
      1. Navigate to Identity and Access Management > Identity Configuration > Provisioning.
      2. Click the SSO toggle to enable SSO.
      3. Select OIDC as your SSO Protocol.
  4. From the Service Provider's Redirect URL field, click Copy.

    This serves as the redirect URL used when configuring the identity provider. Note that at this point, SSO is not enabled with OIDC in Lightrun and will be activated in the next steps.

Set up OIDC SSO using Microsoft Entra ID

  1. Sign in to Microsoft Entra ID and click Add+.
  2. Select App registration from the list.

    The Register an application dialog opens.

  3. Enter the app details. For example, Lightrun-onprem.

  4. Click Register.

    The application is created.

  5. Copy the Application (client) ID.

  6. Log in to the Lightrun Management Portal. Navigate to Settings > Identity Configuration > SSO.

  7. Select OIDC, and paste the Application (client) ID from Azure into the Identity Provider’s Client ID field in Lightrun.

  8. Go to Microsoft Entra ID, click Endpoints, and copy the OpenID Connect metadata document value.

  9. Paste the value as the Identity Provider’s Discovery URL in the Lightrun portal.

  10. In Microsoft Entra ID, under Client credentials, click Add a certificate or secret.

  11. Under the Client Secrets tab, click New client secret.

    The Add a Client secret dialog opens.

  12. Provide an intuitive name in the Description field.

  13. Copy the secret value that was generated (not the secret ID).

  14. Go to the OIDC tab in the Lightrun Management Portal and paste the secret in the Identity Provider’s Client Secret field.

  15. In the OIDC page, copy the Service Provider’s Redirect URI.

  16. Go to Microsoft Entra and click Redirect URIs > Add a Redirect URI.

  17. Paste the Redirect URI that you copied in step 15.

  18. Test the SSO implementation.

    In the Lightrun login page, click Single Sign-On.

  19. Enter your email and click Log in.

    The Permissions requested dialog opens.

  20. Select the Consent on behalf of your organization checkbox.

  21. Click Accept.

    You are successfully logged into Lightrun with SSO using Microsoft Entra ID.
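
A pre-flight check for the values copied in steps 5 to 17, added here as an example and not part of Lightrun's or Microsoft's tooling. It assumes the metadata document has already been downloaded and parsed into a dict, and that a GUID-shaped client secret means the secret ID was copied instead of the value; the function name, tenant ID, secret and redirect path are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
REQUIRED_ENDPOINTS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def check_oidc_values(client_id, client_secret, discovery_url, redirect_uri, metadata):
    """Return (field, problem) pairs for values copied between Entra ID and Lightrun."""
    problems = []
    # Step 5: the Application (client) ID is a GUID.
    if not GUID.match(client_id):
        problems.append(("client_id", "not a GUID"))
    # Step 13: assumption - a GUID here means the secret ID was copied, not the value.
    if GUID.match(client_secret.strip()):
        problems.append(("client_secret", "looks like the secret ID, not the secret value"))
    elif not client_secret or client_secret != client_secret.strip():
        problems.append(("client_secret", "empty or padded with whitespace"))
    # Step 8: the metadata document URL must be HTTPS and end in the well-known path.
    url = urlsplit(discovery_url)
    if url.scheme != "https" or not url.path.endswith("/.well-known/openid-configuration"):
        problems.append(("discovery_url", "not an HTTPS OpenID Connect metadata URL"))
    # Every endpoint the document advertises must be present and HTTPS.
    for key in REQUIRED_ENDPOINTS:
        if urlsplit(str(metadata.get(key, ""))).scheme != "https":
            problems.append((f"metadata.{key}", "missing or not HTTPS"))
    # Steps 15-17: HTTPS redirect URI with no wildcard or fragment.
    redirect = urlsplit(redirect_uri)
    if redirect.scheme != "https" or redirect.fragment or "*" in redirect_uri:
        problems.append(("redirect_uri", "must be HTTPS, without wildcard or fragment"))
    return problems

# Constructed sample values (not real identifiers or secrets).
TENANT = "11111111-2222-3333-4444-555555555555"
BASE = f"https://login.microsoftonline.com/{TENANT}"
SAMPLE_METADATA = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
}
SAMPLE = dict(
    client_id="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    client_secret="constructed-secret-value-not-real",
    discovery_url=f"{BASE}/v2.0/.well-known/openid-configuration",
    redirect_uri="https://lightrun.example.com/placeholder-redirect-path",
    metadata=SAMPLE_METADATA,
)

if __name__ == "__main__":
    for field, problem in check_oidc_values(**SAMPLE):
        print(f"{field}: {problem}")
```

An empty result means the copied values have the expected shape; it does not confirm that the secret is valid or that the redirect URI is registered in Entra ID.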


Last update: March 27, 2025