| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/aO5image.png) | Create a new application and allow Web URL of http://localhost |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/W1eimage.png) | Record Application (client) ID and Directory (tenant) ID for future use. Click Add a certificate or secret |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/Jbqimage.png) | Click new secret, and create an entry with required duration and name |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/QkOimage.png) | Copy the value.
NOTE: you cannot view this value again. |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/hUvimage.png) | To access group details the API needs Group.Read.All application permission |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/x3Ximage.png) | Select Microsoft Graph |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/CZwimage.png) | Select delegated permissions and search for group to add Group.Read.All |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/1vgimage.png) | Confirm admin consent |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/m91image.png) | Start the Service Scheduler Install / Upgrade wizard on the server |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/km4image.png) | Click next until the Account Settings page and select "Global" |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/Whrimage.png) | Set sso\_entra\_enabled to 1 Add the azure application details to appropriate value clientid, secret and tenantid |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/KZpimage.png) | To stop the prompt adjust global setting sso\_entra\_authorize\_endpoint |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/bzrimage.png) | [https://login.microsoftonline.com/%tenantid%/oauth2/v2.0/authorize?client\_id=%clientid%&response\_type=code&redirect\_uri=%redirect\_uri%&response\_mode=query&scope=%scope%&prompt=select\_account](https://login.microsoftonline.com/%tenantid%/oauth2/v2.0/authorize?client_id=%clientid%&response_type=code&redirect_uri=%redirect_uri%&response_mode=query&scope=%scope%&prompt=select_account) Remove the &prompt=select\_account to disable. |
For groups to work the Microsoft Entra application will need [Group.Read.All](https://help.abitsystems.com.au/books/service-scheduler-administration-guide/page/register-entra-application "Register Entra application") permission
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/dElimage.png) | Start the Service Scheduler install and upgrade wizard |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/9bFimage.png) | Select settings |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/djPimage.png) | Locate the settings sso\_entra\_allow\_groups and sso\_allow\_upn\_suffix |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/Vu9image.png) | To limit access to certain group, add the group names separated by the ";" character. |
| [](https://help.abitsystems.com.au/uploads/images/gallery/2024-11/nT6image.png) | To limit to user UPN suffix enter the userPrincipalName suffix |