# Azure AD (Entra ID)

## Instruqt SSO Integration with Azure AD

Set up Single Sign-On (SSO) for `play.instruqt.com` using Microsoft Entra ID (formerly Azure AD). Instruqt's native integration utilizes OpenID Connect (OIDC) to securely authenticate users.

### Prerequisites

* An active Azure AD account with administrative privileges to create and manage application registrations.
* An active Instruqt account with SSO configuration enabled.

### Step-by-Step Configuration

Follow these steps within the Azure Portal to create the necessary application registration and retrieve the required credentials.

#### Step 1: Register a New Application

1. Log in to the [Azure Portal](https://portal.azure.com).
2. Navigate to **Microsoft Entra ID** (or **Azure Active Directory**).
3. In the left-hand menu, select **App registrations**, then click **New registration**.

#### Step 2: Configure Application Settings

1. Give the application a descriptive **Name**, such as `Instruqt SSO`.
2. Under **Supported account types**, select the option that best fits your organization, such as **Accounts in this organizational directory only (Single tenant)**.
3. Under **Redirect URI (optional)**, select **Web** from the dropdown and enter the following URL: `https://sso.play.instruqt.com/login/callback`
4. Click **Register**.

#### Step 3: Create a Client Secret

1. In the left-hand menu for your new application, select **Certificates & secrets**.
2. Under the **Client secrets** tab, click **New client secret**.
3. Provide a descriptive name for the secret and select an expiration period.
4. Click **Add**. **Important:** Immediately copy the **Value** of the client secret. This value will be masked after you leave the page and cannot be retrieved later.

#### Step 4: Retrieve Required Parameters

1. From the left-hand menu, go to the **Overview** page of your application registration.
2. You will find the following two key parameters here:
   * **Client ID:** This is the `Application (client) ID` value.
   * **Domain:** This is the `Directory (tenant) ID` value.

#### Step 5: Finalize Configuration in Instruqt

1. Go to `https://play.instruqt.com/manage/{team-name}/sso`
2. Select the **Azure AD** option.
3. Use the three parameters you retrieved in Steps 3 and 4 (**Domain**, **Client ID**, and **Client Secret**) to configure the integration.
4. Click **Save**. Users in your organization will be able to sign in to `play.instruqt.com` using their Microsoft Entra ID (Azure AD) credentials.
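
Before pasting the values into the Instruqt form, a quick offline check catches the usual copy mistakes, such as pasting the GUID-shaped **Secret ID** instead of the secret **Value**. This is an added example, not Instruqt or Microsoft tooling; the function names and sample values are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Redirect URI from Step 2 of this page.
EXPECTED_REDIRECT = "https://sso.play.instruqt.com/login/callback"
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def check_sso_values(domain, client_id, client_secret, redirect_uri):
    """Return a list of problems found; an empty list means the values look sane."""
    problems = []
    if not GUID.match(domain):
        problems.append("Domain must be the Directory (tenant) ID, a GUID")
    if not GUID.match(client_id):
        problems.append("Client ID must be the Application (client) ID, a GUID")
    if GUID.match(domain) and domain.lower() == client_id.lower():
        problems.append("Domain and Client ID are identical; one was pasted twice")
    if client_secret != client_secret.strip():
        problems.append("Client Secret has leading or trailing whitespace")
    if not client_secret.strip():
        problems.append("Client Secret is empty")
    elif GUID.match(client_secret.strip()):
        # Heuristic: the portal lists a GUID 'Secret ID' next to the secret 'Value'.
        problems.append("Client Secret looks like the Secret ID, not the Value")
    if redirect_uri != EXPECTED_REDIRECT:
        parts = urlsplit(redirect_uri)
        hint = "scheme must be https" if parts.scheme != "https" else "must match exactly"
        problems.append(f"Redirect URI mismatch ({hint})")
    return problems


def discovery_url(domain):
    """Microsoft's public OIDC metadata URL for a tenant (v2.0 endpoint).

    Assumption: the page does not say which endpoint version Instruqt uses;
    fetching this URL only confirms that the tenant ID resolves.
    """
    return f"https://login.microsoftonline.com/{domain}/v2.0/.well-known/openid-configuration"


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    tenant = "11111111-2222-3333-4444-555555555555"
    app = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    print(check_sso_values(tenant, app, "constructed~Secret.Value_0123456789", EXPECTED_REDIRECT))
    print(discovery_url(tenant))
```

Run it locally and keep the secret out of shell history and logs; the script never sends the values anywhere.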
