Add an OpenID Connect-based single sign-on application

Add an application that supports OpenID Connect (OIDC) based single sign-on (SSO) to your Microsoft Entra tenant.

It is recommended that you use a non-production environment to test the steps in this page.

Tip

Steps in this article might vary slightly based on the portal you start from.

Prerequisites

To configure OIDC-based SSO, you need:

  • A Microsoft Entra user account. If you don't already have one, you can Create an account for free.
  • One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.

Add the application

When you add an enterprise application that uses the OIDC standard for SSO, you select a setup button. When you select the button, you complete the sign-up process for the application.

To configure OIDC-based SSO for an application:

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.

  2. Browse to Identity > Applications > Enterprise applications > All applications.

  3. In the All applications pane, select New application.

  4. The Browse Microsoft Entra Gallery pane opens and displays tiles for cloud platforms, on-premises applications, and featured applications. Applications listed in the Featured applications section have icons indicating whether they support federated SSO and provisioning. Search for and select the application. In this example, SmartSheet is being used.

  5. Select Sign-up. Sign in with the user account credentials from Microsoft Entra ID. If you already have a subscription to the application, then user details and tenant information is validated. If the application is not able to verify the user, then it redirects you to sign up for the application service.

    Complete the consent screen for an application.

  6. Select Consent on behalf of your organization and then select Accept. The application is added to your tenant and the application home page appears. To learn more about user and admin consent, see Understand user and admin consent.

Next steps

Learn more about planning a single sign-on deployment.