1. In Entra ID
- OIDC (recommended)
- SAML 2.0
- In the Azure portal, open Microsoft Entra ID → App registrations → New registration.
- Name it “Quippy”.
- Supported account types — “Accounts in this organizational directory only” (single-tenant) unless you have a specific reason otherwise.
- Redirect URI — platform Web, URL = the OIDC Redirect URL from Quippy.
- After creating the app, open Certificates & secrets → New client secret. Copy the Value immediately — Azure only shows it once.
- From the Overview page, copy:
- Application (client) ID
- Directory (tenant) ID
Entra ID — App registration Overview.
2. In Quippy
- OIDC
- SAML 2.0
| Quippy field | Value from Entra |
|---|---|
| Issuer URL | https://login.microsoftonline.com/<tenant-id>/v2.0 |
| Client ID | Application (client) ID |
| Client Secret | The secret Value (not the Secret ID) |
<tenant-id> with the Directory (tenant) ID you copied from the
Overview page.3. Test connection
Click Test connection. You should get a green confirmation; then enable SSO. Keep a backup admin until your first SSO sign-in succeeds.Common gotchas
Pasted the Secret ID instead of the Secret Value
Pasted the Secret ID instead of the Secret Value
Entra shows two fields after creating a client secret — a Secret ID
(a GUID, visible later) and the Value (the actual secret, shown
once). Paste the Value into Quippy’s Client Secret field.
Tenant mismatch in the issuer URL
Tenant mismatch in the issuer URL
The issuer URL must include your tenant ID — not
common or
organizations — or Quippy won’t be able to validate the token
signature against your tenant’s keys.Missing admin consent
Missing admin consent
If your tenant requires admin consent for new apps, click Grant admin
consent on the app’s API permissions page so sign-in doesn’t prompt
every user.