# Microsoft Entra ID Self Serve SSO Steps - OIDC

The following steps have to be executed in the SingleStore Helios Portal and the Microsoft Azure AD Self Serve SSO Steps(previously Azure AD) Admin portal sequentially.

## In the SingleStore Helios Portal

1. Open the **ORG:your-org** menu on the top and go to **Organization Details**.

2. Select the **Authentication** tab.

3. Use the **Add Identity Provider** list on the right and select `OpenID Connect 1.0` identity provider connection.

4. Add a **Connection Name**, for example, *Azure-OIDC*.

## In the Microsoft Entra ID Admin Portal

1. In the Microsoft Entra ID tenant, select **App registrations** in the left pane.

2. Select  **+New registration** on the top left.

3. For **\* Name** use *SingleStore*.

4. Select which accounts can access the API, typically this is `Accounts in this organizational directory only` (the default).

5. Under **Redirect URI** (optional):

   * Select a platform: `Web`
   * For the URL, from the SingleStore Helios Portal, copy **Login Redirect URLs** to **Login Redirect URLs**.

## In the SingleStore Helios Portal

1. Set up the issuer for Microsoft Entra ID, under (2) **Client Details / Client ID** copy **Application (client) ID** from under **Register** in the Microsoft Entra ID portal.

2. Fill in the **Client Details /Issuer** by manually joining together the following three substrings into a single string:

   * `https://login.microsoftonline.com/`
   * The directory (tenant) ID, a uuid.
   * `/v2.0`.

3. Adjust the **Scopes** under **Connection Settings**. The desired scopes are: "openid", "email", "offline\_access", and "profile".  Adjust scopes to match these.

4. [Add your domain](https://docs.singlestore.com/cloud/security/portal-access/troubleshooting-sso-connections/#section-idm4551296101785633961190540101.md) , [verify it](https://docs.singlestore.com/cloud/security/portal-access/identity-provider-connections/#section-idm4545492259355233864600968389.md) and select **Activate**.

## In the Microsoft Entra ID Admin Portal

1. A client secret is required. These client secrets always expire.

2. On the main page, under **Client credentials**, select **Add a certificate or secret**.

3. Select **+New client secret&#x20;**&#x74;o add a new secret.

4. Fill in the description and set an expiration date. Note, that authorization will break on that date.

## In the SingleStore Helios Portal

1. On the main Authentication screen, select **Update Connection** in the **Actions** column and copy the secret from the Microsoft Entra ID portal.

2. Select **Save** to confirm the changes.

***

Modified at: April 1, 2026

Source: [/cloud/security/portal-access/oidc/microsoft-entra-id-self-serve-sso-steps-oidc/](https://docs.singlestore.com/cloud/security/portal-access/oidc/microsoft-entra-id-self-serve-sso-steps-oidc/)

(An index of the documentation is available at /llms.txt)