Setting up Single Sign-On with Azure
This page will guide you through setting up Single Sign-On (SSO) for Tidal Control with Azure and Entra ID.
Find your Entra ID Tenant ID
There are multiple ways to find your tenant ID:
- You can find your Tenant ID by logging into the Entra ID portal (via https://portal.azure.com) and navigating to the "Overview" page. The Tenant ID is displayed at the top of the page.
- Alternatively, you can use the well-known endpoint to find your Tenant ID by navigating to the following URL: https://login.microsoftonline.com/{DOMAIN_NAME}/v2.0/.well-known/openid-configuration.
For example, if you browse to https://login.microsoftonline.com/tidalcontrol.com/v2.0/.well-known/openid-configuration, you will see a JSON response with the Tenant ID in the "issuer" field, which for our domain (tidalcontrol.com) is set to "19ed3d8f-b009-433e-bd88-8924a8665c48".
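The lookup above can be scripted. The following is an added example, not part of Tidal Control's own tooling: it extracts the Tenant ID from the issuer and checks that every endpoint in the document belongs to the same Microsoft login host and tenant. The function names and the trimmed sample document are constructed for illustration.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

LOGIN_HOST = "login.microsoftonline.com"
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
ISSUER_PATH = re.compile(rf"^/({GUID})/v2\.0/?$")

# Constructed sample: trimmed discovery document in the shape Entra ID returns,
# using the tenant ID quoted on this page.
SAMPLE = json.loads("""{
  "issuer": "https://login.microsoftonline.com/19ed3d8f-b009-433e-bd88-8924a8665c48/v2.0",
  "authorization_endpoint": "https://login.microsoftonline.com/19ed3d8f-b009-433e-bd88-8924a8665c48/oauth2/v2.0/authorize",
  "token_endpoint": "https://login.microsoftonline.com/19ed3d8f-b009-433e-bd88-8924a8665c48/oauth2/v2.0/token",
  "jwks_uri": "https://login.microsoftonline.com/19ed3d8f-b009-433e-bd88-8924a8665c48/discovery/v2.0/keys"
}""")

def tenant_id_from_discovery(doc):
    """Return the tenant GUID from the issuer; raise ValueError if inconsistent."""
    issuer = urlsplit(doc.get("issuer", ""))
    match = ISSUER_PATH.match(issuer.path)
    if issuer.scheme != "https" or issuer.hostname != LOGIN_HOST or not match:
        raise ValueError("unexpected issuer: %r" % doc.get("issuer"))
    tenant_id = match.group(1).lower()
    # Every endpoint must live on the same host and under the same tenant.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlsplit(doc.get(key, ""))
        if (url.scheme != "https" or url.hostname != LOGIN_HOST
                or not url.path.lower().startswith("/" + tenant_id + "/")):
            raise ValueError("%s does not belong to tenant %s" % (key, tenant_id))
    return tenant_id

def fetch_discovery(domain):
    """Download the well-known document for a domain (needs network access)."""
    if not re.fullmatch(r"[A-Za-z0-9.-]+", domain):
        raise ValueError("invalid domain name")
    url = "https://%s/%s/v2.0/.well-known/openid-configuration" % (LOGIN_HOST, domain)
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

if __name__ == "__main__":
    print(tenant_id_from_discovery(SAMPLE))
```

To check your own domain, pass the result of fetch_discovery("{DOMAIN_NAME}") to tenant_id_from_discovery and compare the output with the "Directory (tenant) ID" shown in the portal.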
Create a new App Registration
The following steps require that you have authorization to create new App Registrations in your Entra ID tenant. If you do not have the necessary permissions, please contact your Entra ID administrator.
- Navigate to the Azure portal (https://portal.azure.com) and log in.
- Search for and go to "Entra ID".
- Click on "App registrations" in the left-hand menu.
- Click on "New registration".
- Fill in the required fields:
  - Name: Tidal Control - SSO
  - Supported account types: Accounts in this organizational directory only (Single tenant)
  - Redirect URI: Web (https://auth.tidalcontrol.com/realms/{TENANT_NAME}/broker/oidc/endpoint). Replace {TENANT_NAME} with your Tidal Control tenant name. The tenant name can be found when logging in to Tidal: https://portal.tidalcontrol.com/{TENANT_NAME}/.
- Click on "Save".
- Copy the "Application (client) ID" and "Directory (tenant) ID" from the overview page. You will need these values later.
- Click on "Certificates & secrets" in the left-hand menu.
- Click on "New client secret".
- Fill in the required fields:
  - Description: Tidal Control - SSO
  - Expires: Choose an expiration date (e.g. 12 months)
- Click on "Add".
- Copy the value of the client secret. You will need this value later. NB: Save the client secret in a secure location. You will not be able to retrieve it again.
- Securely send the "Application (client) ID", "Directory (tenant) ID", and "Client secret" to Tidal Control (support@tidalcontrol.com). For example, you can use a password manager, an encrypted ZIP file, or a secure messaging service.