Skip to main content

Integrating your Entra ID (Azure Active Directory) with Claned

  • Updated

Claned has an Entra ID (formerly known as "Azure AD") integration for authentication and authorization. In practice, this means that we can integrate with your Entra ID/Azure AD tenant with little configuration and no development. Our integration is a paid extension to your Claned subscription, please contact support@claned.com to get started.

This has two benefits:

  • Users can seamlessly log in using their own Office365 accounts.
  • Admin view gets group information in real time. This is convenient, because this means the you only have to maintain information of who belongs to what group in your own directory, and we'll automatically sync that information to your organization in Claned.

Introductory knowledge

To give some intuition of how the integration works, here’s how the data flows.

  1. A user goes to the Claned login page. They click the “Log in with Office365” option.
  2. Claned knows the tenant ID of your Claned organization and directs the user to the Microsoft login page.
  3. The user logs in successfully and is redirected back to Claned.
  4. At this point, Claned gets the user’s information about their profile and to which groups they belong. Claned then knows what groups this user should be in, which directly affects what boards the user sees.


Instructions on how to integrate with Claned

Below are steps to take to complete the integration. The application registration process in the Entra ID Admin Center needs be done by someone who has admin rights for your instance, but any admin in your Claned organization can configure the integration in Claned's admin view. Claned uses the Microsoft Graph API to sync between the tenant and our backend. Important note: only one integration can be done per tenant.

 

1. Register an Application in Entra ID/Azure AD

  • Go to the Entra ID Admin Center (entra.microsoft.com) or the Azure Portal (portal.azure.com).

  • Find your tenant ID and enter it into the "Tenant ID" field on the Entra ID/Azure AD settings page in Claned Admin.

  • Entra ID: In the left-hand panel, click "Applications" > "App registrations".

  • Azure AD: Navigate to "Azure Active Directory" > "Manage" > "App registrations".

  • Click "New registration" and provide the following details:

    • Name: Choose a name for your application.

    • Supported account types: Select the appropriate option based on your needs (e.g., single-tenant or multi-tenant).

    • Redirect URI: This is not necessary for server-to-server authentication.

  • Click "Register".

  • On the application overview page, locate "Application (client) ID", copy it, and paste it into the "ClientId" field on the Entra ID/Azure AD settings page in Claned Admin.

2. Create a Client Secret

  • In the newly registered application, navigate to "Certificates & secrets".

  • Click "New client secret", then provide:

    • Description: Name the secret for identification purposes.

    • Expiration: Set an expiry period (e.g., 6 months or 1 year).

  • Click "Add", then copy the Value (this will not be visible again).

  • Paste the copied value into the "ClientSecret" field on the Claned Admin settings page.

3. Grant API Permissions

    • In your application, go to "API Permissions".

    • Click "Add a permission".

    • Select "Microsoft Graph" > "Application permissions".

    • Search for and add the following required permissions. When requested, choose "Application permissions":


      • Directory.Read.All – Allows reading directory data, including groups.

      • Group.Read.All – Grants permission to read group data.

    • After adding both permissions, click "Grant admin consent" to apply these permissions.

 

  • Lastly, refresh the Claned Admin view to ensure that your groups have appeared. 

All done!

 

Sharing boards to an Entra ID/AAD group

Tenant groups can be synced to Claned via the Entra ID/Azure AD settings page. Once the integration is complete, a menu with the groups in that particular instance can be found below the app registration/client secret/client ID fields. Click on any group checkbox and it will be synced to your organization in Claned. You can also search for groups that you'd like to sync. Once synced, boards can be shared to these groups just as you would for normal Claned groups. 

 

Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request
Return to top

Related articles

Powered by Zendesk