Setting up SSO with Microsoft Entra ID

Step by step instructions for setting up SSO with Microsoft Entra ID (formerly Azure Active Directory).

21. March 2025

Elaine Foley

Table of Contents

  • Configuring SSO with Microsoft Entra ID
  • Adding the Fotoware application to the Azure portal
  • Set the correct Redirect URI
  • Assign permissions to the application
  • Creating the application secret
  • Adding Microsoft Entra ID information to the Fotoware Site Configuration
  • Adding the information to the Fotoware tenant in the Site Configuration
  • Importing groups and assigning access

Configuring SSO with Microsoft Entra ID

Note: It can be useful to set up a local FotoWeb account as a FotoWeb Administrator with full access to Site Configuration. 
This account is needed to log in to your Fotoware site if the application key has expired and/or SSO does not work anymore. You need a local FotoWeb Administrator account to be able to reconfigure SSO to work correctly again.

Adding the Fotoware application to the Azure portal

  1. Log in to the Azure portal and open Microsoft Entra ID.
  2. Select Add > App registration.  
  3. Enter a name for the application. 
  4. Select Web from the Select a platform drop-down list. 
  5. Select the Redirect URI that your application uses. For single sign-on to a Fotoware site, the URL must have the following format:  
    https://<site hostname>/fotoweb/auth/signin-oidc 
    Example: https://contoso.fotoware.cloud/fotoweb/auth/signin-oidc 
    Alternatively, you can copy the URI 
    (https://internalpreview.fotoware.cloud/fotoweb/auth/signin-oidc) from the Single Sign-on settings for the site (Site Configuration > Security > Single Sign-on).
  6. Select Register.

Tip: After creating the application registration, open the Overview section for your newly registered application to retrieve the Application ID (see the example below). You need this ID for the Fotoware Microsoft Entra ID configuration in the site configuration later.

Set the correct Redirect URI

Go to Application > Authentication > Redirect URIs and add a new Redirect URI. It should match the Fotoware server's public hostname followed by /fotoweb/auth/signin-oidc, for example, https://hostname.fotoware.cloud/fotoweb/auth/signin-oidc

Next, remove any other Redirect URIs that were originally listed.

Note: If you previously enabled implicit grant for ID tokens (in the Authentication section) for Fotoware, we recommend that you now disable this option. 

Assign permissions to the application

  1. Open the API permissions view for your application and select Add a permission. 
  2. Use Microsoft Graph and add the User.Read Delegated permission. 
    When using group-based access control, you must also add the permission to access the directory as the signed-in user (Directory.AccessAsUser.All). This is not necessary if you are only using role-based access control.
  3. Select Save to update the permissions.

Creating the application secret

  1. Open the Certificates & secrets view for your application. You find this in the same menu as API permissions above or as a link in the Overview section.
  2. Select New client secret. 
  3. Enter a description (simply a label) in the Description field. 
  4. Select a duration from the Expires drop-down list. For security reasons, a key can be valid for a maximum of two years.
  5. Select Add to create the client secret. You can then copy it to the clipboard and paste it into the Application key field in the Microsoft Entra ID settings in the Operations Center.

Note: It is the customer's responsibility to replace the application key before it expires. Because the validity of application keys varies, it's practical to set a reminder in your maintenance calendar to replace the key before it expires. If the key does expire, users will temporarily lose access to the system. 
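The portal settings above (a single redirect URI in the required format, implicit grant for ID tokens disabled, and a client secret that has not expired) can be checked from an export of the app registration. The following is an added example, not Fotoware or Microsoft code: it assumes the registration is available as a Microsoft Graph application object (for instance the JSON printed by `az ad app show --id <application-id>`), and the function name `audit_registration`, the `warn_days` threshold and the sample values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of a Microsoft Graph "application" object.
# All values are made up for this example.
SAMPLE_APP = {
    "web": {
        "redirectUris": ["https://contoso.fotoware.cloud/fotoweb/auth/signin-oidc",
                         "https://localhost/"],
        "implicitGrantSettings": {"enableIdTokenIssuance": True},
    },
    "passwordCredentials": [
        {"displayName": "fotoware-sso", "endDateTime": "2025-04-10T00:00:00Z"}],
}


def audit_registration(app, site_hostname, now, warn_days=30):
    """Return a list of findings for the settings this guide configures."""
    findings = []
    expected = f"https://{site_hostname}/fotoweb/auth/signin-oidc"
    web = app.get("web") or {}
    uris = web.get("redirectUris") or []
    if expected not in uris:
        findings.append(f"missing redirect URI {expected}")
    for uri in uris:
        if uri != expected:
            findings.append(f"extra redirect URI {uri}")
    if (web.get("implicitGrantSettings") or {}).get("enableIdTokenIssuance"):
        findings.append("implicit grant for ID tokens is enabled")
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("no client secret configured")
    for cred in secrets:
        # Graph timestamps are UTC; keep whole seconds so any Python 3 parses them.
        end = datetime.fromisoformat(cred["endDateTime"][:19]).replace(tzinfo=timezone.utc)
        label = cred.get("displayName") or "(unnamed)"
        if end <= now:
            findings.append(f"client secret '{label}' has expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret '{label}' expires in {(end - now).days} days")
    return findings


if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_APP, "contoso.fotoware.cloud",
                                      datetime.now(timezone.utc)):
        print("FINDING:", finding)
```

Running a check like this on a schedule gives the maintenance reminder the note above asks for, and it reports leftover redirect URIs that should have been removed.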

Adding Microsoft Entra ID information to the Fotoware Site Configuration

Make sure you have the necessary information from the Azure portal before proceeding:

Application Id - You can find this in the Overview section.

Application Key - The secret generated in the Azure portal.

Authority - This is the URL of the Microsoft Entra ID service. Typically, it is https://login.microsoftonline.com (the global Microsoft Entra ID service), but this can be different when using different authentication providers.

Directory ID - You can find the Directory ID in the Overview section, next to the Application ID.

Microsoft Graph Authority - This is the base URL for Microsoft Graph, used for retrieving user and group information.

Adding the information to the Fotoware tenant in the Site Configuration

  1. On the Fotoware site, from the Tools menu (cogwheel icon), go to Site Configuration > Security > Single Sign-on.
  2. Choose Microsoft Entra ID as your authentication provider and enter the Application ID, Application Key (called Client Secret in the Azure portal), Authority, and Directory ID values.
  3. Select Save.

Tip: If the following oidc_token_request_failed error is displayed when logging in, it might indicate that the application ID has expired.

Importing groups and assigning access

  1. Next, open the Linked Groups tab to select the groups you want to add to Fotoware.
  2. Select Add linked group.
  3. In the dialog that opens, enter a value in the External Group ID field. 
  4. Select a value from the Group Name drop-down list or enter a group name. The group will be created if it does not already exist.
  5. Select Add to add this group to the Linked Group list. Select Unlink if you need to remove the link to the group.
  6. Select Save on the Single Sign-on page. You can start using these groups when assigning access to archives and workflows in the system.