Single Sign On

Azure Entra ID Configuration 

Single Sign-On (SSO) Setup Guide for Customers 

IMPORTANT: App Registration Type 

This guide covers Entra App Registration with Client Secret authentication. Do NOT use Entra Enterprise App or SAML configuration. If you need to set up SAML-based SSO, please contact RTA Support for alternative guidance. 

Overview 

This document provides step-by-step instructions for configuring Single Sign-On (SSO) in Microsoft Entra ID (formerly Azure AD). Your IT team will need to create an App Registration with specific permissions to enable RTA Fleet to authenticate your users. 

What You Need 

  • Access to Microsoft Entra ID (Azure AD) admin portal 

  • Permissions to create App Registrations 

  • Ability to manage API permissions 

  • Permission to create and manage application credentials (Client Secrets) 

Step-by-Step Setup Instructions 

Step 1: Navigate to App Registrations 

  1. Go to the Microsoft Entra admin center at https://entra.microsoft.com 

  2. In the left navigation menu, select Identity > Applications > App registrations 

Step 2: Create a New Registration 

  1. Click the + New registration button 

  2. Enter a name for the application (e.g., RTA Fleet SSO) 

  3. Under Supported account types, select Accounts in this organization only (Single tenant) 

  4. Click Register 

Step 3: Configure Redirect URI 

Important: The Redirect URI tells Entra where to send users after they authenticate. This must be set correctly for SSO to work. 

  1. From your app registration, go to Manage > Authentication 

  2. Under Platform configurations, click + Add a platform 

  3. Select Web 

  4. Under Redirect URIs, enter: https://rtafleet.auth0.com/login/callback 

  5. Under Front-channel logout URL (optional), you may enter: https://rtafleet.auth0.com/logout 

  6. Check the box for ID tokens (used for implicit and hybrid flows) 

  7. Click Configure 

Step 4: Configure API Permissions 

Important: Your app needs delegated permissions to read user information from Microsoft Graph. 

  1. From your app registration, go to Manage > API permissions 

  2. Click + Add a permission 

  3. Select Microsoft Graph 

  4. Choose Delegated permissions 

  5. Search for and add the following permissions: 

  • User.Read (Allows the app to read basic user profile information) 

  6. After adding all permissions, click Grant admin consent for [your organization] 

Step 5: Create Client Secret 

Warning: Store your Client Secret securely. You will only see it once. 

  1. From your app registration, go to Manage > Certificates & secrets 

  2. Under the Client secrets section, click + New client secret 

  3. Enter a description (e.g., RTA Fleet SSO Secret) 

  4. Select an expiration period (we recommend 24 months) 

  5. Click Add. The secret will appear. Copy and save the VALUE (not the Secret ID). You will not be able to see this value again. 

Step 6: Gather Required Information 

Once you complete the above steps, collect the following information to send to RTA Support: 

Item                  Where to Find It 

Tenant ID             App registration Overview page 

Client ID             App registration Overview page (labeled as Application ID) 

Client Secret Value   Certificates & secrets page (the VALUE, not the Secret ID) 
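
Before sending these values, the registration can be checked against Steps 2 to 5. The Python below is an added example, not part of RTA's guide or tooling: it audits an app registration in the shape of a Microsoft Graph application object (for example the JSON printed by az ad app show). The sample object, the placeholder permission GUID, the audit date and the 30-day warning threshold are constructed assumptions.

```python
from datetime import datetime, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
USER_READ_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # delegated User.Read
REDIRECT_URI = "https://rtafleet.auth0.com/login/callback"  # from Step 3
WANTED = (GRAPH_APP_ID, USER_READ_ID, "Scope")  # "Scope" = delegated, "Role" = application

def audit_registration(app, now, warn_days=30):
    """Return findings; an empty list means the object matches Steps 2-5."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("Step 2: not single tenant")
    web = app.get("web", {})
    uris = web.get("redirectUris", [])
    if REDIRECT_URI not in uris:
        findings.append("Step 3: redirect URI missing")
    findings += [f"Step 3: unexpected redirect URI {u}" for u in uris if u != REDIRECT_URI]
    if not web.get("implicitGrantSettings", {}).get("enableIdTokenIssuance"):
        findings.append("Step 3: ID tokens not enabled")
    granted = [(r.get("resourceAppId"), p.get("id"), p.get("type"))
               for r in app.get("requiredResourceAccess", [])
               for p in r.get("resourceAccess", [])]
    if WANTED not in granted:
        findings.append("Step 4: delegated User.Read missing")
    for grant in granted:
        if grant != WANTED:  # anything beyond User.Read exceeds what the guide asks for
            kind = "application" if grant[2] == "Role" else "delegated"
            findings.append(f"Step 4: extra {kind} permission {grant[1]}")
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("Step 5: no client secret")
    for s in secrets:
        # [:19] keeps whole seconds, dropping fractional digits and the trailing "Z"
        end = datetime.strptime(s["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days = (end.replace(tzinfo=timezone.utc) - now).days
        if days < warn_days:
            findings.append(f"Step 5: secret '{s.get('displayName')}' has {days} days left")
    return findings

SAMPLE = {  # constructed object, not taken from a real tenant
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": [REDIRECT_URI], "implicitGrantSettings": {"enableIdTokenIssuance": True}},
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": USER_READ_ID, "type": "Scope"},
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]}],  # placeholder GUID
    "passwordCredentials": [{"displayName": "RTA Fleet SSO Secret",
                             "endDateTime": "2025-01-11T00:00:00Z"}],
}

if __name__ == "__main__":  # the audit date below is constructed
    print(audit_registration(SAMPLE, datetime(2025, 1, 1, tzinfo=timezone.utc)))
```

The object never contains the Client Secret value, only its metadata, so the export can be reviewed without exposing the secret itself.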

 

Next Steps 

  1. Once you have collected all the information above, contact RTA Support 

  2. Provide your IT contact person with the gathered information 

  3. RTA will configure the connection on our end 

  4. RTA will send you a login link to authorize and test the connection 

Troubleshooting 

I cannot create an App Registration 

  • You need to have administrator privileges in Entra ID. Contact your IT department to ensure you have the Application Administrator or Cloud Application Administrator role. 

I cannot add permissions 

  • Ensure you have properly selected Delegated permissions (not Application permissions). You may also need an administrator to grant consent for the permissions. 

I lost my Client Secret 

  • Client Secrets are only displayed once at creation. If you lose the value, you must create a new Client Secret in the Certificates & secrets section. The old one can be deleted. 

 Questions? 

Contact RTA Support for assistance with SSO setup or configuration troubleshooting.