Skip to main content
Skip table of contents

How To: Setup Azure ID (Entra ID) & Restrict Access

Overview

This user manual provides detailed instructions for setting up Microsoft Azure Active Directory (Entra ID) to enable secure authentication for the Captive Admin Portal.
The steps include registering an application, collecting required credentials, and optionally restricting login access to specific users or groups.

Note:
All setup steps must be performed by a user with Administrator access to the Azure portal.

Prerequisites

Before you begin, ensure that you have:

  • Administrator access to your organization’s Azure Portal

  • Access to the Captive Admin Portal where Azure AD integration will be configured

  • A valid Microsoft Entra ID tenant

Creating an App Registration

  • Sign in to the Azure Portal.

  • In the left-hand menu, navigate to:
    Azure Active Directory → App registrations → + New registration

  • Fill in the following details:

    • Name: Enter your application name (e.g., Captive Login).

    • Supported account types: Select Accounts in this organizational directory only (Single tenant).

    • Redirect URIs (optional):

      • Choose Web as the platform.

      • Enter the following URLs:

        CODE 
        https://api.k4mobility.com/captive/all/oauth/openid/callback

  • Click Register to complete the app registration.

  • After registration:

    • Go back to App Registrations

    • Select the newly created application

    • Navigate to Authentication

    • Ensure the platform settings are correct

    • Scroll to Token Configuration and:

      • Enable ID Tokens

      • Under Advanced Settings, set Allow public client flows to No

    • Click Save.

Collecting Important Values

After registration, three key identifiers are required to configure authentication in the Captive Admin Portal.

Tenant ID

  1. From the Azure Portal Home, go to Microsoft Entra ID.

  2. Copy the Tenant ID displayed — this uniquely identifies your organization.

Client ID

  1. Navigate to Azure Active Directory → App registrations.

  2. Select your registered application.

  3. Copy the Client ID — this uniquely identifies your application.

Client Secret

  1. Open the application, then go to Certificates & Secrets → Client secrets.

  2. Click + New client secret.

  3. Fill in:

    • Description: (e.g., Captive Auth Secret)

    • Expires: Choose an appropriate duration.

  4. Click Add.

  5. Copy the Secret Value immediately (it will only be visible once).

Captive Admin Portal Configuration

Enter the following values in the Captive Admin Portal’s Azure AD authentication section:

  • Tenant ID

  • Client ID

  • Client Secret

This enables third-party login through Azure AD.

Restricting Application Access to Specific Users or Groups

If you wish to limit login access to selected users or groups, follow these steps:

  • In Azure Portal, navigate to:
    Microsoft Entra ID → Enterprise Applications

  • Under Manage → All Applications, select the application used for Captive Login.

  • In the application menu, go to Properties.

    • Set Assignment required? to Yes.

    • Click Save.

  • Then go to Users and Groups → + Add user/group.

  • In the pop-up window:

    • Click Users and groups.

    • Select the desired users or groups.

    • Click Assign.

Now, only the assigned users and groups can log in via Azure AD.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close