Configure OIDC SSO with Microsoft Entra ID (Azure AD) for your organization

From version 1.42, Lightrun supports Single Sign-On (SSO) with Microsoft Entra ID as your identity provider (IdP) through an OIDC (OpenID Connect) integration.

Using OIDC, Lightrun functions as a service provider and receives authentication information from Entra ID, which acts as the external identity provider. When SSO is enabled, Lightrun delegates authentication requests to the customer's IdP and grants users access to Lightrun in accordance with the IdP's response.

Once you have set up your SSO with OIDC, proceed to create your Lightrun users in the User Management page.

Setting up SSO involves copying values back and forth between Microsoft Entra ID and the OIDC page in the Lightrun Management Portal.

Set up OIDC SSO using Microsoft Entra ID

  1. Sign in to Microsoft Entra ID and click Add+.
  2. Select App registration from the list.

    The Register an application dialog opens.

  3. Enter the app details. For example, Lightrun-onprem.

  4. Click Register.

    The application is created.

  5. Copy the Application (client) ID.

  6. Log in to the Lightrun Management Portal. Navigate to Settings > Identity Configuration > SSO.

  7. Select OIDC, and paste the Application (client) ID from Azure into the Identity Provider’s Client ID field in Lightrun.

  8. Go to Microsoft Entra ID, click Endpoints, and copy the OpenID Connect metadata document value.

  9. Paste the value as the Identity Provider’s Discovery URL in the Lightrun portal.

  10. In Microsoft Entra ID, under Client credentials, click Add a certificate or secret.

  11. Under the Client Secrets tab, click New client secret.

    The Add a Client secret dialog opens.

  12. Provide an intuitive name in the Description field.

  13. Copy the secret value that was generated (not the secret ID).

  14. Go to the OIDC tab in the Lightrun Management Portal and paste the secret in the Identity Provider’s Client Secret field.

  15. In the OIDC page, copy the Service Provider’s Redirect URI.

  16. Go to Microsoft Entra and click Redirect URIs > Add a Redirect URI.

  17. Paste the Redirect URI that you copied in step 15.

  18. Test the SSO implementation.

    In the Lightrun login page, click Single Sign-On.

  19. Enter your email and click Log in.

    The Permissions requested dialog opens.

  20. Select the Consent on behalf of your organization checkbox.

  21. Click Accept.

    You are successfully logged in to Lightrun with SSO using Microsoft Entra ID.
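
A pre-flight check for the four values exchanged in steps 5 to 17, added here as an example (it is not Lightrun or Microsoft code). It catches the mix-up that step 13 warns about, where the secret ID is pasted instead of the secret value. The function name, the sample values and the assumption that the redirect URI is served over HTTPS are illustrative.

```python
import re
from urllib.parse import urlsplit

# Entra IDs (application ID, secret ID) are GUIDs in 8-4-4-4-12 form.
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
WELL_KNOWN = "/.well-known/openid-configuration"


def check_oidc_values(client_id, client_secret, discovery_url, redirect_uri):
    """Return a list of problems found in the values copied in steps 5-17."""
    problems = []
    # Step 5: the Application (client) ID is a GUID.
    if not GUID.fullmatch(client_id):
        problems.append("client_id: not a GUID")
    # Step 13: the secret ID is a GUID; the secret value is not.
    if GUID.fullmatch(client_secret):
        problems.append("client_secret: looks like the secret ID, not the value")
    elif not client_secret or client_secret != client_secret.strip():
        problems.append("client_secret: empty or has stray whitespace")
    # Step 8: the metadata document URL is HTTPS and ends in the well-known path.
    d = urlsplit(discovery_url)
    if d.scheme != "https" or not d.netloc:
        problems.append("discovery_url: must be an absolute https URL")
    if not d.path.endswith(WELL_KNOWN):
        problems.append("discovery_url: does not end in " + WELL_KNOWN)
    # Step 15: assumed HTTPS; a fragment is not allowed (RFC 6749, section 3.1.2).
    r = urlsplit(redirect_uri)
    if r.scheme != "https" or not r.netloc:
        problems.append("redirect_uri: must be an absolute https URL")
    if r.fragment:
        problems.append("redirect_uri: must not contain a fragment")
    return problems


# Constructed sample values, not taken from any real tenant or deployment.
SAMPLE = {
    "client_id": "11111111-2222-3333-4444-555555555555",
    "client_secret": "constructed~Secret.Value_123",
    "discovery_url": "https://login.microsoftonline.com/"
                     "00000000-0000-0000-0000-000000000000/v2.0" + WELL_KNOWN,
    "redirect_uri": "https://lightrun.example.com/placeholder/callback",
}

if __name__ == "__main__":
    for problem in check_oidc_values(**SAMPLE) or ["all values look well-formed"]:
        print(problem)
```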


Last update: December 4, 2024