Configure Entra ID OIDC Application

Prerequisites
An Entra ID application is created intended for OpenID Connect (OIDC) authentication.

Follow the order of steps below to set up the Entra ID OIDC.

Order Instructions
Create a Client Secret.
Add Redirect URI.
Add Optional and Group Claims.

 

Create a Client Secret

  1. Login to portal.azure.

  2. Open Entra ID Active Directory.

  3. Click App registrations.

  4. Click the application you created for OIDC authentication.

  5. Go to Certificates & secrets.

  6. Click [+ New client secret].

  7. Add a description, then select the secret's expiration.

  8. Click [Add].

  9. Copy the Value of the secret. The Value will not be displayed again when you navigate away from the screen, so keep a copy before you proceed to the next step.

 

Add Redirect URI

The redirect URI must be added to the OIDC application's authentication list of Web Redirect URIs. To identify the redirect URI of CloudStream DM, you will need to get your CloudStream DM URL.

The CloudStream DM URL is in this similar pattern: https://your company domain name.region.cloudstream.ricoh.com/customer.html

RICOH CloudStream regions are "ap", "na", "eu", or "ca".

Please note on your company domain name and region.

Your redirect URI will be in this format: https://your company domain name-mauth.region.cloudstream.ricoh.com/login/oauth2/code/

Add the URI by following the steps below.

  1. In the Entra ID application, click [Authentication] in the left-side menu.

  2. If Web platform is not yet added, click [Add a platform], then choose Web. Add the redirect URI then click [Configure].

  3. If Web platform is already added, please go to the Web section, and in Redirect URIs, click [Add URI]. Input the redirect URI then click [Save].

Add Optional and Group Claims

  1. In the application, click [Token Configuration] in the left-side menu.

  2. Click [+ Add optional claim].

  3. In the Token Type, select "ID".

  4. Check email and preferred_username claims.

  5. Click [Add].

  6. Click [+ Add groups claim].

  7. Select "Security groups".

  8. In ID, choose "sAMAccountName".

  9. In Access, choose "sAMAccountName".

  10. In SAML, choose "Group ID".

  11. Click [Save].