Microsoft Entra (Azure AD) SSO Setup

Microsoft Entra (Azure AD) SSO Setup

Setting up Microsoft Entra (Azure AD) SSO with ThoughtRiver

ThoughtRiver supports integration with Microsoft Entra ID (formerly Azure AD) for Single Sign-On (SSO). This guide provides the steps your technical team needs to follow to configure a new Azure AD application, which will allow your users to authenticate securely via your Entra directory.

Customer Configuration Steps

Please follow the steps below to register and configure the application in your Azure Entra portal:
  1. Go to https://entra.microsoft.com/#home
  2. From the left-hand menu, choose Applications App registrations
  3. Click on 'New registration', give it a friendly name related to ThoughtRiver, and leave all options as default
  4. Once created, you will be taken to the application Overview page. Copy the 'Application (client) ID' – this is needed for ThoughtRiver’s configuration
  5. Click on 'Add a Redirect URI' in the same panel as the Application ID
  6. Click on 'Add a platform', choose 'Web', and set the redirect URI to: https://thoughtriver.uk.auth0.com/login/callback (adjust to `.us.auth0.com` if based in the US), then click 'Configure'
  7. From the left-hand menu, go to 'API permissions'
  8. Click on 'Microsoft Graph', search for 'group', check 'Group.Read.All', then click on 'Update Permissions'
  9. From the left-hand menu, go to 'Token Configuration'
  10. Add optional claimSAML → 'UPN', then click 'Add'. You may also need to check the box to enable the Microsoft Graph profile permission
  11. From the left-hand menu, go to 'Certificates & secrets'
  12. Click 'New client secret', give it a name, choose the maximum expiry allowed, and copy the secret value

Information to Provide to ThoughtRiver

Once your Azure AD application is set up, please provide the following information to your ThoughtRiver representative:
  1. Application (Client) ID
  2. Client Secret value (copied when you created it)
  3. Azure Active Directory domain (e.g., customername.onmicrosoft.com)
If you have any questions during the setup process, please contact your ThoughtRiver Customer Success Manager or the support team for assistance.

    • Related Articles

    • SAML SSO Setup

      Setting up SAML Single Sign-On (SSO) with ThoughtRiver We support SAML 2.0 Single Sign-On (SSO) integration, allowing your users to securely log in to ThoughtRiver using your existing identity provider (IdP). In this setup, ThoughtRiver acts as the ...

    • Installing the ThoughtRiver Word add-in

      The ThoughtRiver Word add-in can be found on Microsoft AppSource (Office Store) here: https://appsource.microsoft.com/en-gb/product/office/WA200000668 It is common practice for organisations to place security restrictions on downloading add-ins from ...

    • Installing the Word Add-In for an Individual

      Installing the ThoughtRiver Word Add-In Accessing the Add-In ? Note: Whether you can download Add-ins from the Office Store or Microsoft AppSource will depend on your organization's security settings. If you cannot install the Add-in yourself, ...

    • Supported Web Browsers

      It's possible for ThoughtRiver to work with some unsupported browsers. ThoughtRiver checks browsers for the presence of methods required for the product to work correctly. If these browser methods aren't detected, you will receive an error message ...

    • Inserting External Comments as Comments in a Word Document

      When ThoughtRiver generates an Issue from a Playbook, if the Playbook has been configured with External Comments, the comments for the counterparty are populated in the External Comments field on the Issue. As you're viewing the Issue Details screen ...