How can I set up sign in with Microsoft (Entra ID)?
This page describes how to register i-Reserve as an application in Microsoft Entra ID (formerly Azure AD), so users can sign in to i-Reserve with their Microsoft account. This is not the Outlook calendar integration — it is purely about signing in (single sign-on, SSO).
For the i-Reserve-side setup (adding and activating the provider) see "How do I activate an OAuth provider in i-Reserve?".
Online documentation
- https://learn.microsoft.com/entra/identity-platform/quickstart-register-app
- Microsoft Entra admin center (App registrations)
- https://portal.azure.com/
Step 1: Create an app registration
Go to Microsoft Entra admin center → Microsoft Entra ID → App registrations → New registration.
- Name: a recognisable name, for example i-Reserve SSO.
- Supported account types: choose Accounts in this organizational directory only (single tenant) if only your own staff sign in. Choose a multi-tenant option if accounts from other organisations must be able to sign in too.
Step 2: Set the redirect URI
Under Authentication, add a platform of type Web (i-Reserve exchanges the code server-side using the secret — a confidential client). Register the redirect URI(s) you need:
- Admin login:
https://<yourdomain>/adminlogin - Customer login:
https://<yourdomain>/login
The URI must match exactly what i-Reserve sends. See "What is the redirect URL?". Unsure of the exact value? Click the Microsoft sign-in button in i-Reserve and copy the redirect_uri= parameter from the resulting Microsoft URL — register that value verbatim.
Step 3: Create a client secret
Go to Certificates & secrets → New client secret. Copy the Value (not the Secret ID) immediately — it is shown only once. Note the expiry date and renew the secret in time.
Step 4: Configure API permissions
Go to API permissions → Add a permission → Microsoft Graph → Delegated permissions. On sign-in i-Reserve requests the following delegated permissions:
openidUser.Readoffline_accessContacts.Read
Note: if your tenant policy requires admin consent, click Grant admin consent for <organisation>. Without it, regular users get the message "Approval required" and cannot sign in.
Step 5: Copy the values into i-Reserve
In i-Reserve go to Configuration → System → Oauth providers, add the Microsoft provider and enter:
| Field in i-Reserve | Value from Entra |
|---|---|
| Key Id | Application (client) ID |
| Key Secret | The client secret Value from step 3 |
| Tenant | Directory (tenant) ID. For a multi-tenant registration enter common. |
Then switch on active (customer login) and/or active (admin) (admin login) and save. The change takes effect immediately.
Common problems
| Message | Cause and solution |
|---|---|
| Approval required | Your tenant requires admin consent. An administrator grants it under API permissions via Grant admin consent (step 4). |
Invalid redirect/callback URL (e.g. AADSTS500113) |
The redirect URI is missing, or not exact, in the app registration. Register exactly https://<yourdomain>/adminlogin and/or https://<yourdomain>/login. |
| Account does not exist in the directory | The Tenant field points to a different tenant than the user's, or the app is single-tenant while common was entered. Check the tenant ID. |
| Invalid client or secret | Key Id/Key Secret copied incorrectly or the secret has expired. Create a new secret and update the configuration. |






