This article provides a guide for setting up Microsoft Entra ID (formerly Microsoft Azure Active Directory) as a Single Sign-On (SSO) method of authenticating within an organisation’s Lighthouse instance.
Note: Lighthouse uses Microsoft Graph, Microsoft’s REST API and webhook engine, to integrate with Microsoft Entra ID as an Identity Provider (IdP).
Lighthouse must be configured with the organisation’s Tenant ID so that it knows which Tenant to trust users from. If the Tenant ID is known, it can be provided to Lighthouse’s Product Team. If it isn’t known, the steps below will help Lighthouse’s Product Team gather it.
1. Log into this site: https://azuresso.lighthouse.torque.software/Login
2. You will be requested to log into Microsoft (if you are not already logged in).
3. An Admin Consent or Permission Required alert will appear.
4. You will need to either accept the request or have the organisation’s Entra ID Administrator process the Admin Consent within Microsoft Entra ID’s Admin Consent section.
5. Once you have proceeded past the approval/permission request, you will see an error message from Lighthouse stating that your user does not exist, or your organisation is not yet configured for Lighthouse use.
6. This alert is expected, and Entra ID will send Lighthouse information about the attempted login. The Tenant ID is included in this information. Alternatively, the Tenant ID can be provided to Lighthouse’s Product Team directly if known or accessible.
7. Using this ID, Lighthouse’s Product Team will configure the new Tenant to access that Lighthouse instance.
Once users are added to Lighthouse, at least one of the following (in Lighthouse) is required to match the Primary User ID from Microsoft Entra ID:
- Login ID
- Email Address
- Alternate Logon ID
The easiest way to do this is by using Microsoft Entra ID as the source of truth for your Lighthouse users and utilising Lighthouse Entra ID Integration further by importing users from an Entra ID nominated group.
Refer to this User Guide for more information: Register Lighthouse in Azure Active Directory-Lighthouse User Integration
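The two checks described above (is the Tenant trusted, and does the Primary User ID match a Lighthouse user), sketched as an added example that is not Lighthouse's own code. The field names, the case-insensitive comparison and the refusal of ambiguous matches are assumptions; the Tenant IDs and users are constructed sample data.

```python
# Added illustration, not Lighthouse code. Names and matching rules are assumptions.
from dataclasses import dataclass
from typing import Optional


@dataclass
class LighthouseUser:
    login_id: str
    email: Optional[str] = None
    alternate_logon_id: Optional[str] = None


def _norm(value):
    """Trim and case-fold an identifier; empty or missing values become None."""
    return (value or "").strip().casefold() or None


def check_sign_in(tenant_id, primary_user_id, trusted_tenants, users):
    """Return (outcome, user) for one sign-in attempt coming from the IdP."""
    # 1. Only Tenants that have been configured are trusted at all.
    if _norm(tenant_id) not in {_norm(t) for t in trusted_tenants}:
        return "tenant_not_configured", None
    # 2. The Primary User ID must equal Login ID, Email Address or Alternate Logon ID.
    wanted = _norm(primary_user_id)
    matches = [u for u in users if wanted is not None and wanted in
               {_norm(u.login_id), _norm(u.email), _norm(u.alternate_logon_id)}]
    if not matches:
        return "user_not_found", None
    if len(matches) > 1:
        # One ID resolving to two accounts is refused rather than guessed.
        return "ambiguous_match", None
    return "ok", matches[0]


# Constructed sample data (placeholder Tenant IDs, example.com users).
TRUSTED = ["11111111-1111-1111-1111-111111111111"]
UNKNOWN = "22222222-2222-2222-2222-222222222222"
USERS = [
    LighthouseUser("asmith", email="alice@example.com"),
    LighthouseUser("bob@example.com"),
    LighthouseUser("cjones", alternate_logon_id="carol@example.com"),
    LighthouseUser("dave", email="shared@example.com"),
    LighthouseUser("erin", alternate_logon_id="shared@example.com"),
]

if __name__ == "__main__":
    for tid, upn in [(TRUSTED[0], "Alice@Example.com"), (UNKNOWN, "alice@example.com"),
                     (TRUSTED[0], "frank@example.com"), (TRUSTED[0], "shared@example.com")]:
        print(tid[:8], upn, "->", check_sign_in(tid, upn, TRUSTED, USERS)[0])
```

Running the same check over a list of Primary User IDs before rollout shows which users would hit the "user does not exist" message from step 5.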