General

The Entra ID connection is part of the Famedly Enterprise offer. To be able to setup a SSO Flow between Famedly and your Entra ID Tenant please contact support@famedly.com. This guide should show you what steps are required to setup the connection.

Register a new client

You need to register Famedly as a new client. This can be done following these steps:

1. Browse to the App registration menus create dialog to create a new app.

2. Name the app (f.ex. Famedly) and choose who should be able to login (Single-Tenant, Multi-Tenant, Personal Accounts, etc.) This setting will also have an impact on how we need to configure Famedly, so this information needs to be shared later.

3. Choose "Web" in the redirect uri field and paste this URL: https://auth.famedly.de/ui/login/login/externalidp/callback

4. Store the ClientID and TenantID from the details page as these information need to be shared with us.

5. Register the application

Generate client secret

Generate a new client secret which we can use to authenticate the users following these steps:

1. Click on client credentials on the detail page of the application or use the menu Certificates & secrets.

2. Click on + New client secret and enter a description and an expiry date, add the secret afterwards

3. Store the value of the Client Secret. You will not be able to see the value again after some time, however you need to share it with us.

Token configuration

To allow us to get the information from the authenticating user you have to configure what kind of optional claims should be returned in the token.

1. Click on Token configuration in the side menu

2. Click on + Add optional claim

3. Add email, family_name, given_name and preferred_username to the id token

API permissions

To make sure we can request all necessary information, you have to configure the correct permissions.

1. Go to "API permissions" in the side menu

2. Make sure the permissions include "Microsoft Graph": email, profile and User.Read

3. The "Other permissions granted" should include "Microsoft Graph: openid"

Information required by Famedly

To be able to configure Famedly, please provide the following information

Name of your IDP

Client ID

Client Secret

Tenant ID

Tenant Type

⚠️

Note on the use of existing authentication procedures

If you use an existing authentication procedure of your organisation for the login of users or if this is made possible by us as a provider, please note the following:

In this case, the responsibility for the security of user authentication lies with your organisation. Please ensure that the procedure used meets the current security requirements and is regularly maintained.

It must also be ensured that the authentication procedure is fully under the control of your organisation. In particular, this means that authentication means (e.g. passwords, tokens, certificates) can be managed by your organisation and blocked if necessary.

These requirements are necessary to ensure secure and traceable authentication of your users.