Instruction
Configuratie - Systeem - Oauth providers

This page describes how to register i-Reserve as an application in Microsoft Entra ID (formerly Azure AD), so users can sign in to i-Reserve with their Microsoft account. This is not the Outlook calendar integration — it is purely about signing in (single sign-on, SSO).

For the i-Reserve-side setup (adding and activating the provider) see "How do I activate an OAuth provider in i-Reserve?".

Online documentation

Step 1: Create an app registration

Go to Microsoft Entra admin centerMicrosoft Entra IDApp registrationsNew registration.

  • Name: a recognisable name, for example i-Reserve SSO.
  • Supported account types: choose Accounts in this organizational directory only (single tenant) if only your own staff sign in. Choose a multi-tenant option if accounts from other organisations must be able to sign in too.

Step 2: Set the redirect URI

Under Authentication, add a platform of type Web (i-Reserve exchanges the code server-side using the secret — a confidential client). Register the redirect URI(s) you need:

  • Admin login: https://<yourdomain>/adminlogin
  • Customer login: https://<yourdomain>/login

The URI must match exactly what i-Reserve sends. See "What is the redirect URL?". Unsure of the exact value? Click the Microsoft sign-in button in i-Reserve and copy the redirect_uri= parameter from the resulting Microsoft URL — register that value verbatim.

Step 3: Create a client secret

Go to Certificates & secretsNew client secret. Copy the Value (not the Secret ID) immediately — it is shown only once. Note the expiry date and renew the secret in time.

Step 4: Configure API permissions

Go to API permissionsAdd a permissionMicrosoft GraphDelegated permissions. On sign-in i-Reserve requests the following delegated permissions:

  • openid
  • User.Read
  • offline_access
  • Contacts.Read

Note: if your tenant policy requires admin consent, click Grant admin consent for <organisation>. Without it, regular users get the message "Approval required" and cannot sign in.

Step 5: Copy the values into i-Reserve

In i-Reserve go to Configuration → System → Oauth providers, add the Microsoft provider and enter:

Field in i-Reserve Value from Entra
Key Id Application (client) ID
Key Secret The client secret Value from step 3
Tenant Directory (tenant) ID. For a multi-tenant registration enter common.

Then switch on active (customer login) and/or active (admin) (admin login) and save. The change takes effect immediately.

Common problems

Message Cause and solution
Approval required Your tenant requires admin consent. An administrator grants it under API permissions via Grant admin consent (step 4).
Invalid redirect/callback URL (e.g. AADSTS500113) The redirect URI is missing, or not exact, in the app registration. Register exactly https://<yourdomain>/adminlogin and/or https://<yourdomain>/login.
Account does not exist in the directory The Tenant field points to a different tenant than the user's, or the app is single-tenant while common was entered. Check the tenant ID.
Invalid client or secret Key Id/Key Secret copied incorrectly or the secret has expired. Create a new secret and update the configuration.