Configure Microsoft Entra ID (Azure Active Directory)

Users can authenticate to Dovetail using Azure Active Directory SSO.

This article will assist you with generating required values from Azure and how to add these values to Dovetail, along with some general troubleshooting steps.

1. Sign in to your Azure Portal.

   Please note

   If you have access to more than one tenant, select the tenant you want to use for Dovetail SSO in the top-right corner.

2. Select Azure Active Directory.

   

   

3. Under Manage, click App registrations.

   

   

4. Click New registration.

5. Enter an application name to display to users.

6. Under Supported account types select Accounts in this organizational directory only.

7. Under Redirect URL select Web and enter https://dovetailapp.com/users/oauth2/callback.

   

   

8. Click Register.

9. Copy the following IDs as they will need to be inserted later into Dovetail.

   • Application (client) ID

   • Directory (tenant) ID

     

     

10. Under Manage click Authentication.

    

    

11. Tick both boxes under Select the tokens you would like to be issued by the authorization endpoint.

    

    

12. Click Save.

13. Under Manage click Certificates & secrets.

    

    

14. Under Client secrets click New client secret.

    

    

15. Enter a description and set an expiration date for your client secret.

    Important

    Please note that Dovetail SSO will stop working if you don’t create a new secret before the old one expires.

16. Copy the generated client secret under Value as this will need to be inserted later into Dovetail.

    

    

    Please note

    Client secret values cannot be viewed, except for immediately after creation. Be sure to save the secret before leaving the page.

1. Navigate to the authentication page in workspace settings.

2. Find the Authentication options card.

3. Enable Single sign-on by clicking the toggle switch.

4. Using the IDs and client secret that we copied earlier,

   • Enter the Application (client) ID as the Client ID.

   • Enter the Secret value as the Client secret.

5. In the Discovery URL input, enter  https://login.microsoftonline.com/TENANT/v2.0/.well-known/openid-configuration replacing TENANT with the Directory (tenant) ID that we copied earlier.

6. Enter your email domain under Verified email domains.

   

   

Below you will find some general errors that you or your users may see when trying to log in with Azure AD.

If your error does not match any of the following, please reach out to us through this contact form and we'll be able to help out!

Email not verified

This error is generally caused if your domain has not been added as a verified email domain. To resolve this, a workspace admin will need to enter it by:

1. Navigating to the authentication page in workspace settings.

2. Finding the Authentication options card.

3. Entering your email domain under Verified email domains.

Invalid authentication details

This error appears when Dovetail cannot validate specific user data provided by Azure. Most commonly, when there is no email assigned to the user in your Azure Active Directory.

To resolve this, your Azure Active Directory admin will need to:

1. Navigate to the Users section of your directory and select the user with the missing email.

2. Select Edit properties.

3. Navigate to Contact information.

4. Enter the user's email and press Save.