Azure AD / Entra ID
Configure Azure Active Directory for SSO with Parseable
Configure Microsoft Entra ID (formerly Azure AD) for Parseable authentication.
Overview
Integrate Azure AD with Parseable to:
- Microsoft SSO - Use Microsoft 365 identities
- Enterprise Integration - Connect with existing Azure infrastructure
- Conditional Access - Apply Azure AD security policies
- Group-Based Access - Use Azure AD groups for authorization
Prerequisites
- Azure subscription
- Azure AD tenant
- Global Administrator or Application Administrator role
- Parseable instance with OIDC support
Azure AD Configuration
Register Application
- Go to Azure Portal → Azure Active Directory
- Click App registrations → New registration
- Configure:
- Name: Parseable
- Supported account types: Choose appropriate option
- Redirect URI: Web -
https://your-parseable.com/callback
- Click Register
Configure Authentication
- Go to Authentication
- Add platform if needed
- Configure:
- Redirect URIs:
https://your-parseable.com/callback - Front-channel logout URL:
https://your-parseable.com - ID tokens: Check this box
- Redirect URIs:
- Click Save
Create Client Secret
- Go to Certificates & secrets
- Click New client secret
- Add description and expiry
- Click Add
- Copy the secret value immediately (shown only once)
Get Application Details
From Overview, copy:
- Application (client) ID
- Directory (tenant) ID
Parseable Configuration
Environment Variables
P_OIDC_CLIENT_ID=your-application-id
P_OIDC_CLIENT_SECRET=your-client-secret
P_OIDC_ISSUER=https://login.microsoftonline.com/{tenant-id}/v2.0
P_OIDC_REDIRECT_URI=https://your-parseable.com/callbackDocker Compose
version: '3.8'
services:
parseable:
image: parseable/parseable:latest
environment:
- P_OIDC_CLIENT_ID=${AZURE_CLIENT_ID}
- P_OIDC_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
- P_OIDC_ISSUER=https://login.microsoftonline.com/${AZURE_TENANT_ID}/v2.0
- P_OIDC_REDIRECT_URI=https://your-parseable.com/callbackOIDC Endpoints
Azure AD v2.0 endpoints:
| Endpoint | URL |
|---|---|
| Issuer | https://login.microsoftonline.com/{tenant}/v2.0 |
| Authorization | https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize |
| Token | https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token |
| JWKS | https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys |
Group Claims
Include group membership in tokens:
- Go to Token configuration
- Click Add groups claim
- Select group types to include
- Configure token properties
- Click Add
API Permissions
Add required permissions:
- Go to API permissions
- Click Add a permission
- Select Microsoft Graph
- Add:
openidprofileemail
- Click Grant admin consent
Best Practices
- Use Managed Identity - For Azure-hosted Parseable
- Configure Conditional Access - Apply security policies
- Enable MFA - Require multi-factor authentication
- Monitor Sign-ins - Review Azure AD sign-in logs
Troubleshooting
AADSTS Error Codes
| Code | Description | Solution |
|---|---|---|
| AADSTS50011 | Reply URL mismatch | Check redirect URI |
| AADSTS700016 | App not found | Verify client ID |
| AADSTS7000215 | Invalid secret | Check client secret |
Token Issues
- Verify tenant ID is correct
- Check v2.0 endpoint is used
- Verify permissions are granted
Next Steps
- Configure OAuth for other providers
- Set up RBAC in Parseable
- Review security best practices
Was this page helpful?