Step 1: Create Enterprise Application in Azure Portal
Log in to https://portal.azure.com/
Navigate to Enterprise Applications
Go to New Application
Select Create your own application.
Give the app a name.
Select the "Register an application to integrate with Microsoft Entra ID" radio button.
Click Create.
Supported account types: Accounts in this organizational directory only (Single tenant). Keep the registration single-tenant so that only accounts from your own directory can sign in; the "Accounts in any organizational directory" option is the multitenant setting and would accept sign-ins from any Entra tenant.
Step 2: Add Redirects
Add the Single-page application Redirect URIs in the Authentication section. Entra ID matches redirect URIs exactly (scheme, host, port and path), so enter each one precisely as the application sends it, and use https.
Step 3: Configure options
Make sure the Authentication options match the screenshot below so that Entra ID can issue the ID and access tokens the application uses. Enable only what is shown; additional token or grant options the application does not need should stay off.
Navigate to Single sign-on; under Configure application properties, click the "Go to application" link.
Navigate to Single sign-on (it should be set up as OIDC-based SSO).
Add a Name
Add optional token claims (this step is not optional).
Make sure you have the claims shown below:
Make sure you add verified_primary_email to both the "ID" and "Access" token types; adding it to only one of them is the most common mistake here, and the application will not receive the user's email in the other token.
To add a claim, click "Add optional claim":
Then choose which token type to add the claim to:
Now select the claims you want and click "Add".
Add API permissions
Navigate to API permissions. The application requires the Microsoft Graph permissions email and User.Read.
To add them, select "Add a permission", then Microsoft Graph:
Choose "Delegated permissions" (not Application permissions; the app acts on behalf of the signed-in user):
Add "User.Read" and "email".
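After Step 3 it is worth confirming that the tokens Entra ID actually issues carry the claims the application expects. The following is an added example (not code from the original page or from the RedTeam application) that decodes a JWT payload and checks for verified_primary_email, the tenant ID and, for the ID token, the audience. The tokens, tenant ID and client ID below are constructed placeholders. Only the payload is decoded; the signature is not verified, so this is a setup diagnostic and must never be used as an authorization check.

```python
import base64
import json

# Placeholder identifiers for this example (replace with the values from your
# app registration's Overview page).
CLIENT_ID = "11111111-2222-3333-4444-555555555555"   # Application (client) ID
TENANT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"   # Directory (tenant) ID


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_token(payload: dict) -> str:
    """Build an unsigned, JWT-shaped string (constructed test data only)."""
    header = {"typ": "JWT", "alg": "RS256", "kid": "example-kid"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(payload).encode()),
        "dummy-signature",   # not a real signature; never trust this token
    ])


def decode_payload(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    return json.loads(_b64url_decode(parts[1]))


def check_claims(token: str, token_type: str, client_id: str = CLIENT_ID,
                 tenant_id: str = TENANT_ID) -> list:
    """Return a list of problems; an empty list means the token matches Step 3.

    token_type is "id" or "access". verified_primary_email must be present in
    both, because Step 3 adds the optional claim to both token types.
    """
    claims = decode_payload(token)
    problems = []
    if "verified_primary_email" not in claims:
        problems.append(f"{token_type} token lacks verified_primary_email; "
                        f"add the optional claim for the {token_type.upper()} token type")
    if claims.get("tid") != tenant_id:
        problems.append(f"{token_type} token tid {claims.get('tid')!r} is not our tenant "
                        "(single-tenant registration expected)")
    if token_type == "id" and claims.get("aud") != client_id:
        problems.append(f"id token aud {claims.get('aud')!r} does not match the client ID")
    return problems


def check_pair(id_token: str, access_token: str) -> list:
    """Check the ID token and access token issued for the same sign-in."""
    return check_claims(id_token, "id") + check_claims(access_token, "access")


if __name__ == "__main__":
    # Constructed sample: the claim was added to the ID token only.
    good_id = make_sample_token({"aud": CLIENT_ID, "tid": TENANT_ID,
                                 "verified_primary_email": ["user@example.com"]})
    bad_access = make_sample_token({"aud": "00000003-0000-0000-c000-000000000000",
                                    "tid": TENANT_ID})
    for problem in check_pair(good_id, bad_access):
        print("PROBLEM:", problem)
```

Paste a real ID token and access token from a browser session (the application's network trace or MSAL cache) into check_pair; a non-empty list tells you which token type is missing the claim. The access token audience is not checked because it depends on the resource the token was requested for.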
Step 4: Add Groups/Users
To grant access to single sign-on through this enterprise app, add the users or groups that should be able to sign in under the "Users and groups" section. Microsoft's documentation for this is "Manage users and groups assignment to an application - Microsoft Entra ID | Microsoft Learn". Note that the assignment only restricts access if "Assignment required?" is set to Yes under the enterprise application's Properties; with it set to No, any user in the tenant can sign in regardless of the list.
Navigate to All applications under Enterprise applications and find the app that was just created/registered.
Open the app, click Assign users and groups, and select the users and groups that should be allowed to access the app.
Step 5: Obtain IDs for Configuring the Application
Navigate to Overview and copy the Application (client) ID, which is needed to configure SSO in the Flex/Fieldlens application. Copy the Directory (tenant) ID as well: for a single-tenant registration the Authority value entered in Step 7 is typically https://login.microsoftonline.com/<Directory (tenant) ID>.
Step 6: Add Configuration for Mobile Applications
Navigate to Authentication section of the Enterprise Application:
Click "Add a platform"
Select iOS or Android (if using both, configure each individually).
Enter the values shown below:

iOS / macOS
  Bundle ID        RedTeamShare
  Redirect URI     msauth.RedTeamShare://auth

Android
  Package name     com.redteamsoftware.redteamshare
  Signature hash   2jmj7l5rSw0yVb/vlWAYkK/YBwk=
  Redirect URI     msauth://com.redteamsoftware.redteamshare/2jmj7l5rSw0yVb%2FvlWAYkK%2FYBwk%3D

The Android redirect URI is derived from the package name and the signature hash, with the "/" and "=" characters of the hash percent-encoded (%2F and %3D); enter it exactly as shown.
Final configuration with both Android/IOS should look like this
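The mobile redirect URIs in Step 6 are derived values, so it is useful to be able to regenerate them and to verify that a URI pasted into the portal really encodes the package name and hash it should. The block below is an added example, not code from the original page or from RedTeam: it builds the iOS and Android redirect URIs the way Entra ID expects them, computes a signature hash from DER certificate bytes, and checks a URI against its inputs. The certificate bytes used in the self-check are constructed; in practice the DER certificate is exported from your signing keystore (for example with keytool -exportcert).

```python
import base64
import hashlib
from urllib.parse import quote, unquote


def signature_hash(cert_der: bytes) -> str:
    """Base64 of SHA-1 over the DER-encoded signing certificate.

    This is the form the Android platform settings call "Signature hash".
    """
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode("ascii")


# Sanity check: a pipeline such as `keytool -exportcert ... | openssl sha1 -binary
# | openssl base64` that fails at the first stage hashes zero bytes and still
# prints a plausible-looking value. Compare against this before trusting it.
EMPTY_INPUT_HASH = signature_hash(b"")


def android_redirect_uri(package_name: str, sig_hash: str) -> str:
    """msauth://<package>/<hash>, with '/', '+' and '=' in the hash percent-encoded."""
    return f"msauth://{package_name}/{quote(sig_hash, safe='')}"


def ios_redirect_uri(bundle_id: str) -> str:
    """msauth.<bundle id>://auth, the iOS/macOS redirect form."""
    return f"msauth.{bundle_id}://auth"


def android_uri_matches(uri: str, package_name: str, sig_hash: str) -> bool:
    """True if a URI copied from the portal encodes exactly this package and hash."""
    prefix = f"msauth://{package_name}/"
    if not uri.startswith(prefix):
        return False
    return unquote(uri[len(prefix):]) == sig_hash


if __name__ == "__main__":
    pkg = "com.redteamsoftware.redteamshare"
    sig = "2jmj7l5rSw0yVb/vlWAYkK/YBwk="
    uri = android_redirect_uri(pkg, sig)
    print("Android :", uri)
    print("iOS     :", ios_redirect_uri("RedTeamShare"))
    print("matches :", android_uri_matches(uri, pkg, sig))
    print("hash of empty input:", EMPTY_INPUT_HASH)
```

Run android_uri_matches against the URI shown in the portal after saving; a False result usually means the hash was pasted unencoded or the package name was mistyped, both of which cause the MSAL redirect to fail on the device.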
Step 7: Add SSO Configuration to RedTeam Flex Configuration
In RedTeam Flex, an Admin needs to open the Configuration menu.
Within the Configuration menu, navigate to My Company under Controls.
Scroll down to SSO Configuration and enter the Company Domain, Client ID, Authority, and Redirect URL that were configured in the steps above.
Once complete, click Save.