Azure / Microsoft Entra Configuration for Open edX SSO

LMS Domain Example:
https://learn.acme.com

This document outlines the Azure-side configuration required for enabling Microsoft Entra (Azure AD) SSO with Open edX. All steps below should be completed by the client’s Azure / Microsoft Entra team.


1. Register the Application in Microsoft Entra ID

1.1 Sign In

Go to:

https://entra.microsoft.com

Sign in with an account that has permission to register applications.


1.2 Create a New App Registration

Navigate to:

Identity → Applications → App registrations → + New registration

Provide the required details:

Name
Choose an appropriate name that clearly identifies this application as the Open edX SSO integration.

Example:

Open edX - Sikhiya Online

Supported account types
Select the option that aligns with your authentication requirements.

For most enterprise-only deployments, this is:

Accounts in this organizational directory only

Redirect URI

  • Platform: Web
  • URL:
https://learn.acme.com/auth/complete/azuread-oauth2/

Click Register once the information is completed.


2. Collect and Share Required Credentials

After the application is created:

Go to the Overview tab and copy:

  • Application (client) ID

This value must be securely shared with us.


3. Create a Client Secret

Navigate to:

Certificates & secrets → Client secrets → + New client secret

  • Add a description that aligns with your internal naming standards.
    Example: Open edX Production Secret
  • Choose an expiration period according to your organization’s security policy.
  • Click Add.

Immediately copy:

  • Client Secret Value

Note:

The secret value is shown only once. If it is not saved at this time, a new secret must be generated.

Securely share this secret with the Open edX team.


4. Configure API Permissions

Navigate to:

API permissions

Ensure the following delegated permission is configured:

  • Microsoft Graph
    • User.Read

If it is not already present:

  1. Click Add a permission
  2. Select Microsoft Graph
  3. Choose Delegated permissions
  4. Add User.Read

After confirming the permission, select:

Grant admin consent for [Your Organization]

Granting admin consent prevents users from being prompted for permission approval during their first login attempt.


5. Information to Provide to Open edX Team

Please securely share the following:

  • Application (Client) ID
  • Client Secret (Value)
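
One way for the Azure team to confirm the result of steps 1 to 4 before handing over the credentials, as an added example (not part of the original document or of Open edX): a Python check over the application object's JSON, in the shape Microsoft Graph returns it (for example via `az ad app show --id <client-id>`). The function name, the 365-day secret limit, the single-tenant expectation and the sample data are assumptions made for illustration.

```python
from datetime import datetime, timezone

GRAPH = "00000003-0000-0000-c000-000000000000"      # Microsoft Graph resource app ID
USER_READ = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # delegated User.Read scope ID
REDIRECT = "https://learn.acme.com/auth/complete/azuread-oauth2/"  # from section 1.2
MAX_SECRET_DAYS = 365  # assumed policy; the page leaves expiry to the organization

def audit_app(app, now):
    """Return findings for one application object; an empty list means it matches."""
    findings = []
    # Assumes the enterprise-only choice from section 1.2 (single tenant).
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("audience: not limited to this organizational directory")
    uris = app.get("web", {}).get("redirectUris", [])
    if REDIRECT not in uris:
        findings.append("redirect: expected URI missing (exact match, trailing slash included)")
    findings += [f"redirect: unexpected URI {u}" for u in uris if u != REDIRECT]
    wanted = (GRAPH, USER_READ, "Scope")  # "Scope" = delegated, "Role" = application
    requested = {(r["resourceAppId"], a["id"], a["type"])
                 for r in app.get("requiredResourceAccess", [])
                 for a in r.get("resourceAccess", [])}
    if wanted not in requested:
        findings.append("permissions: delegated User.Read missing")
    findings += [f"permissions: extra {kind} permission {pid}"
                 for _, pid, kind in sorted(requested - {wanted})]
    for cred in app.get("passwordCredentials", []):
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        days = (end - now).days
        if days < 0:
            findings.append(f"secret: '{cred.get('displayName')}' has expired")
        elif days > MAX_SECRET_DAYS:
            findings.append(f"secret: '{cred.get('displayName')}' valid for {days} more days")
    return findings

# Constructed sample (not a real tenant): a registration that drifted from the steps.
SAMPLE = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": ["https://learn.acme.com/auth/complete/azuread-oauth2",
                             "http://localhost:8000/auth/complete/azuread-oauth2/"]},
    "requiredResourceAccess": [{"resourceAppId": GRAPH, "resourceAccess": [
        {"id": USER_READ, "type": "Scope"},
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]}],  # placeholder ID
    "passwordCredentials": [{"displayName": "Open edX Production Secret",
                             "endDateTime": "2027-06-01T00:00:00Z"}],
}

if __name__ == "__main__":
    for line in audit_app(SAMPLE, datetime(2025, 1, 1, tzinfo=timezone.utc)):
        print(line)
```

The sample fails on the redirect URI without its trailing slash because Entra compares redirect URIs exactly, so a near-miss on the Azure side shows up as a failed login on the LMS.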