Use OpenID Connect to log in to Sophie using your Azure Active Directory as the Identity Provider (IdP)

Release or Environment

Sophie standalone versions 3.4.x - 3.7.x


Obtaining the Azure AD metadata

As a first step, obtain the OpenID Connect configuration (discovery) document of your tenant. To do this, first retrieve the Directory ID (also shown as Tenant ID) of your Azure tenant. The Directory ID can be retrieved from the Azure portal:

Next, download the metadata from the following endpoint (replace {directory-id} with the identifier you took from the portal) and save the response as a JSON file; you will import that file into Sophie in the next section:
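The following script, added here as an example and not part of the original article or of Sophie, builds the discovery URL for a Directory ID, fetches the document when you pass a tenant ID on the command line, and checks the JSON before you import it: every field Sophie needs is present, every endpoint is HTTPS on a Microsoft login host, the issuer belongs to your tenant (a document copied from the wrong tenant is a common mistake) and the authorization code flow is advertised. It assumes the standard Azure AD discovery endpoint (`login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration`); whether Sophie's importer expects the v2.0 or the v1.0 document, and the exact list of fields it requires, are assumptions to confirm against the Sophie form. The sample document at the bottom is constructed so the checks run offline.

```python
"""Build, fetch and sanity-check the Azure AD OIDC discovery document for a tenant.

Added example (not Sophie's own code). Assumes the standard Azure AD discovery
endpoint; the REQUIRED_KEYS list is an assumption about what Sophie's form needs.
"""
import json
import re
import sys
import urllib.request
from urllib.parse import urlparse

# Fields the Sophie OIDC form is assumed to populate from the import.
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
# Azure hosts on which the endpoints are expected to live.
MICROSOFT_HOSTS = ("microsoftonline.com", "sts.windows.net")
TENANT_ID_RE = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")


def discovery_url(directory_id: str, v2: bool = True) -> str:
    """Return the discovery URL for a Directory (tenant) ID; v2=False gives the v1.0 document."""
    if not TENANT_ID_RE.match(directory_id):
        raise ValueError(f"not a tenant GUID: {directory_id!r}")
    base = f"https://login.microsoftonline.com/{directory_id}"
    return base + ("/v2.0" if v2 else "") + "/.well-known/openid-configuration"


def fetch_discovery(directory_id: str, v2: bool = True) -> dict:
    """Download the discovery document (needs network access)."""
    with urllib.request.urlopen(discovery_url(directory_id, v2), timeout=10) as resp:
        return json.load(resp)


def validate_discovery(doc: dict, directory_id: str) -> list:
    """Return a list of problems; an empty list means the document is safe to import."""
    problems = []
    for key in REQUIRED_KEYS:
        if key not in doc:
            problems.append(f"missing {key}")
            continue
        url = urlparse(doc[key])
        if url.scheme != "https":
            problems.append(f"{key} is not https: {doc[key]}")
        if not url.hostname or not url.hostname.endswith(MICROSOFT_HOSTS):
            problems.append(f"{key} is not on a Microsoft login host: {doc[key]}")
    # Both the v1.0 issuer (sts.windows.net/<tenant>/) and the v2.0 issuer
    # (login.microsoftonline.com/<tenant>/v2.0) embed the tenant ID.
    issuer = doc.get("issuer", "")
    if directory_id.lower() not in issuer.lower():
        problems.append(f"issuer {issuer!r} does not belong to tenant {directory_id}")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised in response_types_supported")
    return problems


# Constructed sample in the shape of a real v2.0 document (placeholder tenant ID).
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_DOC = {
    "issuer": f"https://login.microsoftonline.com/{SAMPLE_TENANT}/v2.0",
    "authorization_endpoint": f"https://login.microsoftonline.com/{SAMPLE_TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{SAMPLE_TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{SAMPLE_TENANT}/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
}

if __name__ == "__main__":
    # Usage: python azure_oidc_metadata.py <directory-id> [output.json]
    if len(sys.argv) > 1:
        tenant = sys.argv[1]
        document = fetch_discovery(tenant)
        out = sys.argv[2] if len(sys.argv) > 2 else "azure-openid-configuration.json"
        with open(out, "w", encoding="utf-8") as fh:
            json.dump(document, fh, indent=2)
        print(f"saved {discovery_url(tenant)} to {out}")
    else:
        tenant, document = SAMPLE_TENANT, SAMPLE_DOC
    issues = validate_discovery(document, tenant)
    print("OK, ready to import into Sophie" if not issues else "\n".join(issues))
    sys.exit(1 if issues else 0)
```

Run it with your Directory ID to download and check the document in one step, or without arguments to see the checks run against the constructed sample.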


Creating the Integration in Sophie

Open the Sophie web-app, go to Settings >> Manage-Users >> Identity Providers:

Click "Add Provider" and select "OpenID Connect v1".
Choose an alias for the new integration, e.g. "Azure AD".
At the bottom of the form you'll have the option to upload the JSON file you retrieved earlier. This will populate most of the required fields:

Take note of the Redirect URI at the top of the form - you'll need it in the next step. Azure AD only redirects to URIs registered on the application, and the registered value must match this one exactly (scheme, host, port and path), so copy it rather than retyping it.

Creating an Application in Azure AD

In the Azure portal, open your AD directory, then "App Registrations". Click "New registration". Name the application (e.g. "loom") and add the Redirect URI you recorded earlier, exactly as shown in Sophie. Click "Create".
Once the application is created, copy the Application (client) ID and enter it in Sophie as the Client ID. The Application ID can be found here:

Next, go to the "Certificates & secrets" tab and create a new client secret. The secret value is shown only once, immediately after it is created, so copy it right away; if you leave the page first you will have to create another one. Also note the expiry date you choose: once the secret expires, logins through this integration stop working until you create a new secret and update it in Sophie. Paste the secret value under "Client Secret" in Sophie:

In Sophie, save the form. You're done!
The next time you open the login page of your loom instance you should see a new button below the login credentials to log in using your new integration:

Article Information

Last Updated:2020-05-13 00:05:14