Microsoft Entra ID (previously Azure Active Directory)

Use these instructions to set up Microsoft Entra ID as your SSO provider for Tonic Structural.

Azure configuration

Register Structural as an application within the Entra ID Portal:

  1. In the portal, navigate to Microsoft Entra ID -> App registrations, then click New registration.

  1. Register Structural and create a new web redirect URI that points to your Structural instance's address and the path /sso/callback.

  2. Take note of the values for client ID and tenant ID. You will need them later.

  1. Click New client secret and create a new client secret

  1. Take note of the secret value. You will need this later.

  1. Navigate to the API permissions page. Add the following permissions for the Microsoft Graph API:

    • OpenId permissions

      • email

      • openid

      • profile

    • GroupMember

      • GroupMember.Read.All

    • User

      • User.Read

  1. Click Grant admin consent for Tonic AI. This allows the application to read the user and group information from your organization.

  1. When permissions have been granted, the status should change to Granted for Tonic AI.

  2. Navigate to Enterprise applications and select Tonic Structural. From here, you can assign the users or groups that should have access to Structural.

Structural configuration

In the Structural web server container, set the following Structural environment settings:


  • TONIC_SSO_CLIENT_ID: <Microsoft Entra ID Client ID>

  • TONIC_SSO_CLIENT_SECRET: <Microsoft Entra ID Client Secret>

  • TONIC_SSO_TENANT_ID: <Microsoft Entra ID Tenant ID>

  • TONIC_SSO_GROUP_FILTER_REGEX: Identifies the allowed groups for Structural. For details, go to Synchronizing SSO groups with Tonic Structural.

For Kubernetes, TONIC_SSO_CLIENT_SECRET can be provided through the tonic-sso-client-secret secret

Last updated