Setting up an OpenID Connect (OIDC) IdP for the Metaverse with Entra ID (Azure AD)

1. Overview

Microsoft Entra ID (Azure Active Directory or Azure AD) Single Sign-on (SSO) is an Identity and Access Management (IAM) solution that enables associates from organizations to log in to the Hyperspace Metaverse Platform using their existing organization credentials.

Given a simple link to a meeting, event, training or corporate metaverse, users can join frictionlessly through one login. Immersive experiences can now be woven into the flow of work without living in an “application silo”.

2. Creating the OIDC-based application

The following configuration can be accessed by logging in to Entra ID (Azure AD) as a Global Administrator, at https://portal.azure.com/.

On the home screen, click the Microsoft Entra ID button or select it from the menu on the left (if the menu is not showing, click the icon with three horizontal lines at the top left).

Choose Enterprise applications in the left-hand menu.

Click New application.

Next:

  1. Click on Create your own application and a new menu will appear (slide) on the right side of the screen.
  2. Choose a name for your application – we recommend something descriptive that you can easily recognize later.
  3. Select: Register an application to integrate with Microsoft Entra ID (App you're developing)
  4. Click Create

A new page will load where you can select the account types that can access this application.

Select Account in this organizational directory only (…) and click Register at the bottom of the page.

It might take a minute for Azure to create the application. You will be notified once it’s done and automatically redirected to the application’s page.

3. Configuring the application

Once the application has been created, click Single sign-on in the left menu.

Next, the OIDC-based page will load. In Step 1, select Go to application.

On this next screen, you will need to write down some information about your new SSO Application to send to your support contact at Hyperspace. You will also create your application secret.

Please follow these numbered steps – they match the ones in the next screenshot:

  1. Write down your Application (client) ID
  2. Write down your Directory (tenant) ID
  3. Click Add a certificate or secret

A new menu will appear (slide) from the right side of your screen.

Follow these steps:

  1. Choose what best describes your secret;
  2. Choose when it should expire – keep in mind that you will need to send new secrets to us before expiration, so select an appropriate expiration time that matches the organization policies and best security practices.
  3. Click Add

On the next screen, copy the Value of your secret to a secure location and write it down to send it to your Hyperspace support contact.

Important: this value will only appear at this stage. If you leave the page, the Value will be masked when you return.

If this happens, delete the previously created secret and create a new one.
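Because a new secret has to reach Hyperspace before the old one expires, it helps to check expiry dates on a schedule. The following Python script is an added example, not code from Hyperspace or Microsoft: it classifies an application's secrets by remaining lifetime and reports whether a new one must be created. It assumes input shaped like the JSON printed by `az ad app credential list --id <Application (client) ID>` with `displayName` and `endDateTime` fields; the function names, the 30-day warning window and the sample data are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample, shaped like the JSON printed by
# `az ad app credential list --id <Application (client) ID>`.
# Names, key IDs and dates are made up; timestamps are assumed to be UTC.
SAMPLE = json.dumps([
    {"displayName": "hyperspace-sso-2023", "keyId": "00000000-0000-0000-0000-000000000001",
     "endDateTime": "2024-06-01T00:00:00Z"},
    {"displayName": "hyperspace-sso-2024", "keyId": "00000000-0000-0000-0000-000000000002",
     "endDateTime": "2024-07-10T00:00:00Z"},
    {"displayName": "hyperspace-sso-2025", "keyId": "00000000-0000-0000-0000-000000000003",
     "endDateTime": "2025-06-15T00:00:00.0000000Z"},
])


def parse_utc(stamp):
    """Parse 'YYYY-MM-DDTHH:MM:SS', ignoring fractional seconds and the zone suffix."""
    return datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def classify_secrets(credentials_json, now, warn_days=30):
    """Return (status, displayName, days_left) tuples, soonest expiry first."""
    report = []
    for cred in json.loads(credentials_json):
        end = cred.get("endDateTime")
        if not end:  # no expiry recorded: flag it for manual review
            report.append(("UNKNOWN", cred.get("displayName"), None))
            continue
        days_left = (parse_utc(end) - now).days
        if days_left < 0:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "ROTATE"
        else:
            status = "OK"
        report.append((status, cred.get("displayName"), days_left))
    return sorted(report, key=lambda r: (r[2] is None, r[2] or 0))


def needs_new_secret(report):
    """True when no secret is comfortably valid, so a new one must be created and sent."""
    return not any(status == "OK" for status, _, _ in report)


if __name__ == "__main__":
    rows = classify_secrets(SAMPLE, datetime.now(timezone.utc))
    for status, name, days in rows:
        print(f"{status:8} {name} ({days} days left)")
    print("create and send a new secret:", needs_new_secret(rows))
```

The script reads only names and expiry dates, so it can run in a scheduled job without ever handling a secret Value.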

4. Providing Hyperspace with authentication details

The last step in setting up the SSO integration is to provide Hyperspace with the details that we asked you to collect in the previous step.

Here is the summary of what is required for us to start the IdP registration process:

  • Application (client) ID
  • Directory (tenant) ID
  • Secret Value

Once the setup has been completed on Hyperspace’s side, we will send you back:

5. Configuring the Redirect URL

The final step in this process is to configure the Redirect URL to Hyperspace.

To do that, follow these steps:

  1. Select Authentication on the left menu of your SSO Application
  2. Click Add a platform
  3. Select Web

Finally:

  1. Paste the Redirect URL that Hyperspace sent you
  2. Select the option ID tokens (used for implicit and hybrid flows)
  3. Click Configure

To test your setup, go to https://auth.universalavatars.com/sso and enter the Organization ID that Hyperspace provided into the SSO form.

You will now be able to use this method to sign in on UniversalAvatars (and by extension the Hyperspace ecosystem).
