
SSO Setup with Microsoft Entra

Warning

This guide is for administrators of organizations that use Microsoft Entra as their identity provider. Strictly speaking, the IDs aren't sensitive information (only the client secret is), but don't share them publicly on the internet. The demo instance shown in the screenshots has been deleted.

1. Prerequisites

  • A Microsoft Entra tenant
  • Your organization's identifier for the PrivateGPT instance, which will be used as the subdomain in <your-organization-identifier>.chat.nebul.io.

2. Configure Microsoft Entra

2.1. Navigate to the Microsoft Azure Portal

  1. Navigate to the Microsoft Entra ID Portal
  2. Open the Microsoft Entra ID admin center
  3. Select "App registrations" in the left-hand menu
  4. Click on "New registration"

2.2. Create a new client

  1. Choose a name for the client, for example "PrivateGPT"
  2. Select "Accounts in this organizational directory only" for supported account types
  3. Select "Web" for the redirect URI and enter the following URI: https://auth.nebul.io/realms/privategpt-<your-organization-identifier>/broker/microsoft/endpoint
  4. Click on "Register"
Register application in Microsoft Entra

2.3. Configure the client

  1. Open "Applications" in the left-hand menu
  2. Click on the application you just created
  3. Click on "Certificates & secrets" in the left-hand menu
  4. Click on "New client secret"
  5. Choose a name for the client secret, for example "PrivateGPT"
  6. Select an appropriate expiration. After the expiration date, the client secret will no longer work. We recommend a one year expiration.
  7. Click on "Add"
  8. Copy the client secret (in column "Value") and save it in a secure location
  9. Share the client secret with us via a different channel than the other details (this process will be improved in the future).
Create client secret in Microsoft Entra

2.4. Collect App Registration Details

  1. Click on "Overview" in the left-hand menu
  2. Copy the "Application (client) ID" and save it in a secure location; you will need to share it with us.
  3. Copy the "Directory (tenant) ID" and save it in a secure location; you will need to share it with us.

2.5. Share the App Registration Details

  1. Open the form at this link
  2. Fill in your organization's identifier, your name, and your email
  3. Fill in the "Application (client) ID"
  4. Fill in the "Directory (tenant) ID"
  5. Click on "Submit"

Don't forget to share the client secret with us, via a different channel than the other details.
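A pre-flight check for the values collected in sections 2.2 to 2.5, as an added example that is not part of the original guide or Nebul's tooling. It assumes the organization identifier must be a valid DNS label because it becomes a subdomain, and that a GUID-shaped secret means the "Secret ID" column was copied instead of "Value"; the function names and sample values are constructed for illustration.

```python
import re
import uuid

# Redirect URI pattern from step 2.2 of this guide.
REDIRECT_TEMPLATE = "https://auth.nebul.io/realms/privategpt-{org}/broker/microsoft/endpoint"
# Assumption: the identifier is used as a subdomain, so it must be a DNS label.
DNS_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def is_guid(value):
    """True for a canonical 8-4-4-4-12 GUID, the form Entra uses for its IDs."""
    v = value.strip().lower()
    try:
        return str(uuid.UUID(v)) == v
    except ValueError:
        return False


def redirect_uri(org):
    """Build the redirect URI to register in step 2.2."""
    if not DNS_LABEL.fullmatch(org):
        raise ValueError(f"{org!r} is not usable as a subdomain label")
    return REDIRECT_TEMPLATE.format(org=org)


def preflight(org, client_id, tenant_id, client_secret):
    """Return a list of problems; an empty list means the details look consistent."""
    problems = []
    if not DNS_LABEL.fullmatch(org):
        problems.append("organization identifier is not a valid DNS label")
    if not is_guid(client_id):
        problems.append("Application (client) ID is not a GUID")
    if not is_guid(tenant_id):
        problems.append("Directory (tenant) ID is not a GUID")
    if is_guid(client_id) and client_id.strip().lower() == tenant_id.strip().lower():
        problems.append("client ID and tenant ID are identical; one was copied twice")
    if not client_secret.strip():
        problems.append("client secret is empty")
    elif is_guid(client_secret):
        problems.append("secret is a GUID: 'Secret ID' was copied instead of 'Value'")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real identifiers or secrets.
    print(redirect_uri("acme"))
    print(preflight("acme", "11111111-2222-3333-4444-555555555555",
                    "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "constructed~Secret.Value"))
```

Run the check locally only; the client secret is validated in memory and still goes to us through the separate channel, never into the form.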