# Microsoft Entra ID (oAuth)

Microsoft integration allows to connect Cusna with your Microsoft account.

Microsoft users in your enterprise account can directly enter their email in the WiFi Portal without any previous manual provisioning, or login with their Microsoft credentials.

If their email matches with a member in your Microsoft account, the user will receiver a magic link via email to access directly to the Portal and retrieve the personal WiFi PPSK.

### Microsoft account setup

1. Log in to Microsoft Azure click **Enterprise applications** > **New application**.
2. Click **Create your own application**, enter a name for the application, select **Integrate any other application you don't find in the gallery (Non-gallery)** and click **Create**.\
   \
   ![](/files/wTHqtmqylN5vYQolGJaL)<br>
3. From **Active Directory** (now Microsoft **Entra ID)** in the Azure Portal, and select **App Registration**. Click on the app you just created
4. From the **Overview** page, copy the **Application** (**Client) ID** and the **Tenant ID**
5. Click Authorization and select **+ Add a platform** and select **Web**.\
   Enter the following **Redirect URI**:\
   `https://www.cusna.io/oauth`\ <br>

   <figure><img src="/files/Ye7PwfJxt4XVOScJb1Ys" alt=""><figcaption></figcaption></figure>
6. Click **API Permissions** and select **+ Add Permission**
7. **Select Microsoft Graph** and click on **Application Permissions**\ <br>

   <figure><img src="/files/HLpG2ijkwYWu1YmOB37M" alt=""><figcaption></figcaption></figure>
8. Select the permissions
   1. *Group.Read.All*
   2. *User.Read.All*
9. Click **Grant admin consent for .... \<yourComapnyName>**
10. If not already enabled, also enable the User.Read Delegated permission. Click **+ Add a permission** again, select Delegated Permission and serach and enable *User.Read*
11. You final Configured permissions should look like the following screenshot

    <figure><img src="/files/7wVFxzg77ymR5Pq5SOaZ" alt=""><figcaption></figcaption></figure>
12. Click on **Certificates and Secrets**, click on  + **New Client Secret**. Enter a name and click Add.
13. Copy the value "***Value***" of the secret (not the Secret ID). This value will be shown only once.<br>

### Cusna Setup

Go to Integrations and click **New** in the Integration card. Select **Microsoft**.

Enter the **Client ID**, **Secret** and **Tenant** ID of your Microsoft App. Pick the default **VLAN** that will be assigned to all authorized members.

<figure><img src="/files/Y542mRq9TVSXagQNv5fB" alt=""><figcaption></figcaption></figure>

Click **Setup**.

<figure><img src="/files/YNRMt2yK5HSuz3eWaUe9" alt=""><figcaption></figcaption></figure>

You can click **Edit** to change the parameters of the integration at any time.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cusna.io/cloud-identity-platforms-integrations/enterprise-cloud-idps/microsoft-entra-id-oauth.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.