Microsoft Entra ID (formerly Azure AD)

Curiosity supports Single Sign-On using Microsoft Entra ID (the new name for Azure Active Directory). The integration uses OAuth 2.0 / OIDC.

Prerequisites

You will need the following information from the Azure Portal:

• Tenant ID (Directory ID)
• Client ID (Application ID)
• Client Secret

Configuration Steps

1. Register an Azure Application

1. Sign in to the Azure Portal.
2. Search for and select App registrations.
3. Click + New registration.
4. Enter a name (e.g., "Curiosity SSO") and select Accounts in this organizational directory only.
5. Set the Redirect URI type to Web and enter: {domain}/api/microsoftsso/completed-login-attempt
6. Click Register.
7. Note the Application (client) ID and Directory (tenant) ID from the Overview page.

2. Generate a Client Secret

1. In the app registration, go to Certificates & secrets.
2. Click + New client secret.
3. Provide a description and choose an expiration period.
4. Click Add and copy the secret value immediately; it will not be shown again.

3. Configure API Permissions

1. Go to Expose an API and click + Add a scope.
2. Save the Application ID URI and set a scope name (e.g., "SSO").
3. Go to Token configuration and click + Add optional claim.
4. Select ID token type and check email.
5. When prompted, turn on the Microsoft Graph email permission.

4. Enter Details in Curiosity

1. In Curiosity, go to Manage > Settings > Accounts > Single Sign-On.
2. Select Microsoft.
3. Enter the Tenant ID, Client ID, and Client Secret.
4. Click Save.

Troubleshooting

• Ensure the Tenant ID, Client ID, and Client Secret are entered in the correct fields in Curiosity.
• Verify the Redirect URI matches exactly between Azure and Curiosity.