Available for Express and Enterprise Editions only.
1. Register a new app
First, you need to log in to the Azure portal as an administrator and register a new app.
- In the Azure portal, open the App registrations page.
- Click New Registration.
- Name it ProphecyEntraIDApp.
- Choose the supported account type: Accounts in this organizational directory only (xxxxx only - Single tenant)
- For the Redirect URI, choose Web in the dropdown and use: https://your-prophecy-ide-url.domain/api/oauth/azureadCallback
- Click Register.
2. (Optional) Enable automatic team creation
To automatically create new teams in Prophecy via group mappings, follow these steps.
- In your Prophecy deployment, set the ENABLE_AUTO_TEAM_CREATION flag to true.
- Open the Azure portal.
- Open the app that you registered in 1. Register a new app.
- Under Manage, select Token configuration.
- Select Add groups claim.
- Select the Groups assigned to the application checkbox.
  - To change the groups assigned to the application, select the corresponding application from the Enterprise applications list. Select Users and groups and then Add user/group. Select the group(s) you want to add to the application from Users and groups.
- Click Save.
These steps are also listed in the Configure groups optional claims section of the Microsoft documentation.
3. API Permission
Next, go to API permissions on the left-hand side and add this set of API permissions:
4. Certificates and Secrets
Then, go to Certificates and Secrets, add a new secret, and note down the value of this secret.
5. Client ID
Finally, click on Overview on the left-hand side and note down the Application (client) ID.
6. Configure Prophecy to connect with Microsoft Entra ID
- Log in to Prophecy as an admin user.
- Navigate to the SSO tab of the Prophecy Settings page.
- Under Authentication Provider, select Azure Active Directory.
- Enter the Client ID and the Client Secret at minimum.
- Click Save.
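A post-setup check, added here as an example and not taken from Prophecy or Microsoft: it decodes the payload of an ID token captured during a test sign-in and confirms that the audience, tenant and groups claim match the registration steps above. The IDs, the helper names and the sample token are constructed, and the signature is not verified, so this is a configuration check rather than token validation.

```python
import base64
import json

# Constructed placeholder values, not real identifiers.
CLIENT_ID = "11111111-1111-1111-1111-111111111111"   # Application (client) ID
TENANT_ID = "22222222-2222-2222-2222-222222222222"   # single tenant of the app
GROUP_ID = "33333333-3333-3333-3333-333333333333"    # a group assigned to the app


def decode_payload(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def check_claims(claims: dict, client_id: str, tenant_id: str) -> list:
    """Return findings; an empty list means the claims match the setup."""
    findings = []
    if claims.get("aud") != client_id:
        findings.append("aud does not match the Application (client) ID")
    if claims.get("tid") != tenant_id:
        findings.append("tid is not the expected single tenant")
    if "groups" in claims.get("_claim_names", {}):
        # Entra ID replaces an oversized group list with a reference.
        findings.append("groups overage: group IDs are not in the token")
    elif not claims.get("groups"):
        findings.append("no groups claim: check Token configuration and assignments")
    return findings


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real Entra ID token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    good = make_sample_token({"aud": CLIENT_ID, "tid": TENANT_ID, "groups": [GROUP_ID]})
    bad = make_sample_token({"aud": CLIENT_ID, "tid": "other-tenant"})
    print(check_claims(decode_payload(good), CLIENT_ID, TENANT_ID))
    print(check_claims(decode_payload(bad), CLIENT_ID, TENANT_ID))
```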

