Configure Azure AD
Set up Microsoft Entra ID (Azure AD) as your identity provider.
Before you start, find your callback URL on the Configure SSO page: {gatewayUrl}/api/auth/callback/azure-ad.
Register an app in Azure
- In the Microsoft Entra admin center (or the Azure Portal), go to App registrations → New registration
- Enter a name (e.g. "Willow Integration")
- Under Supported account types, select Accounts in this organizational directory only (Single tenant)
- Add a Redirect URI (web):
{gatewayUrl}/api/auth/callback/azure-ad - Select Register, then copy the Application (client) ID and Directory (tenant) ID
- Go to Certificates & secrets and create a Client secret and copy the value immediately
For more details, see Microsoft's guide to registering an application in the Microsoft identity platform.
Finish in Willow
- Go to Admin → Settings → Authentication Settings
- Select Provider: Azure
- Enter the Client ID, Client Secret, and tenantId
- Select Save Changes
