Configure OIDC SSO with Microsoft Entra ID (Azure AD) for your organization
From version 1.42, Lightrun supports Single Sign-On (SSO) with Microsoft Entra ID as your identity provider (IdP) through an OIDC (OpenID Connect) integration in Microsoft Entra ID.
With OIDC, Lightrun functions as the service provider and receives authentication information from Entra ID, which acts as the external identity provider. When SSO is enabled, Lightrun delegates authentication requests to the customer's IdP and grants users access to Lightrun in accordance with the IdP's response.
Once you have set up your SSO with OIDC, proceed to create your Lightrun users in the User Management page.
Setting up SSO involves copying and pasting values between Microsoft Entra ID and the OIDC page in the Lightrun Management Portal, and vice versa.
Set up OIDC SSO using Microsoft Entra ID
1. Sign in to Microsoft Entra ID and click Add+.
2. Select App registration from the list.
   The Register an application dialog opens.
3. Enter the app details. For example, Lightrun-onprem.
4. Click Register.
   The application is created.
5. Copy the Application (client) ID.
6. Log in to the Lightrun Management Portal. Navigate to Settings > Identity Configuration > SSO.
7. Select OIDC, and paste the Application (client) ID from Azure into the Identity Provider’s Client ID field in Lightrun.
8. Go to Microsoft Entra ID, click Endpoints, and copy the OpenID Connect metadata document value.
9. Paste the value as the Identity Provider’s Discovery URL in the Lightrun portal.
10. In Microsoft Entra ID, under Client credentials, click Add a certificate or secret.
11. Under the Client Secrets tab, click New client secret.
    The Add a Client secret dialog opens.
12. Provide an intuitive name in the Description field.
13. Copy the secret value that was generated (not the secret ID).
14. Go to the OIDC tab in the Lightrun Management Portal and paste the secret in the Identity Provider’s Client Secret field.
15. In the OIDC page, copy the Service Provider’s Redirect URI.
16. Go to Microsoft Entra and click Redirect URIs > Add a Redirect URI.
17. Paste the Redirect URI that you copied in step 15.
18. Test the SSO implementation.
    In the Lightrun login page, click Single Sign-On.
19. Enter your email and click Log in.
    The Permissions requested dialog opens.
20. Select the Consent on behalf of your organization checkbox.
21. Click Accept.
    You are successfully logged into Lightrun with SSO using Microsoft Entra ID.
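A pre-flight check for the Discovery URL and Redirect URI copied in the steps above, as an added example that is not part of the Lightrun documentation or product. The function names, the all-zero tenant GUID and the sample metadata document are constructed for illustration; in practice you would pass in the JSON fetched from the OpenID Connect metadata document URL.

```python
import json
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample: placeholder tenant GUID, not a real tenant.
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = f"https://login.microsoftonline.com/{TENANT}"
DISCOVERY_URL = f"{BASE}/v2.0{SUFFIX}"
SAMPLE_METADATA = json.dumps({
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
})


def check_discovery(discovery_url, metadata_json):
    """Return a list of problems in the Discovery URL and its metadata document."""
    problems = []
    if urlsplit(discovery_url).scheme != "https":
        problems.append("discovery URL is not https")
    if not discovery_url.endswith(SUFFIX):
        problems.append("discovery URL does not end with " + SUFFIX)
    doc = json.loads(metadata_json)
    for key in REQUIRED:
        value = doc.get(key)
        if not isinstance(value, str) or urlsplit(value).scheme != "https":
            problems.append(f"{key} is missing or not an https URL")
    issuer = str(doc.get("issuer", ""))
    if "{" in issuer:
        problems.append("issuer is a template (multi-tenant endpoint)")
    elif discovery_url.endswith(SUFFIX) and issuer != discovery_url[: -len(SUFFIX)]:
        # OpenID Connect Discovery: issuer must match the URL the document came from.
        problems.append("issuer does not match the discovery URL")
    return problems


def check_redirect_uri(uri):
    """Return problems that would weaken exact-match redirect URI validation."""
    parts = urlsplit(uri)
    problems = []
    if parts.scheme != "https":
        problems.append("redirect URI is not https")
    if "*" in uri:
        problems.append("redirect URI contains a wildcard")
    if parts.fragment:
        problems.append("redirect URI contains a fragment")
    return problems
```

An empty list from both functions means the values are consistent with each other; any entry is worth resolving before enabling SSO for the organization.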