Powered by its Identity & Access Management platform Carerix offers multiple ways to setup Single Sign-On. It allows customers to configure various identity providers for user authentication. This article explains how to configure Microsoft Entra ID (former Azure Active Directory) as a Single Sign-On (SSO) identity provider for Carerix. After completing these steps, users will be able to log in to Carerix using their Microsoft account.

For the steps below, we will assume that there is an already existing Azure Active Directory multi-tenant or single-tenant.

Configuring Microsoft Azure Application Registration

1. Create an Application Registration for Carerix

This application will be what Carerix uses to authenticate your active directory users with your Azure tenant. Navigate to https://portal.azure.com and select the App registrations option under the Azure services section.

⚠️ Please note: You will need administrative permissions in Azure to create an app registration.

Select the New registration option in the upper left-hand corner.

Provide a name for the application you are registering. For supported account types always select multi-tenant. Then select the register button.
You can skip the Redirect URI for now, as it will be generated by Carerix later.

After you register your application, Azure returns you to the Application registration’s overview page. Note your Application (client) ID as you will need it later when creating your identity provider in the Carerix Identity Provider Setup.

2. Create a Client Secret for your Newly Registered Application

Navigate to the Certificates and secrets section. Create a new client secret and copy the generated value now — you cannot view it again after leaving this page.
You will need to use this when establishing your identity provider in Carerix.

3. Create an Azure/Microsoft Identity Provider in Carerix

⚠️Please note: administrator permissions are needed to complete this step.

Login to Carerix and navigate to the maintenance section in the left side menu. Select the Identity Access Menu and open the second tab Identity Providers. Click on the 'Add provider' button and select the Azure/Microsoft option. A modal window opens on the right where you configure the new Identity Provider.

Alias - permanent identifier; appears in the Redirect URL and cannot be changed later. What alias you choose is free. We would suggest something like 'carerixazuresso'.
Active - enables or disables this login option
Display Name - label shown on the Carerix login screen.
Automatically redirect - if Yes, users go directly to Microsoft Entra ID login; recommended No until tested.
Client id - use the client ID as generated in step 1 during the Azure application generation.
Client secret - use the client secret as generated in step 2 in Azure.
Note: if you use copy/paste: check if you do not accidentally copy an extra space. This would mean an invalid client secret and result in not functioning identity provider.
Redirect URL - generated automatically after alias is entered; You must add the Redirect URL to your app registration in the Azure portal/Entra ID.

After filling out the (mandatory) fields click on the save button. Your Identity Provider is added to Carerix.

4. Add the redirect URL to your App registration in Entra ID

After you save the new Identity Provider in Carerix, it appears in the Identity Providers list.

In the Azure portal, open your app registration.
Go to Authentication → Add a platform → Web and paste the redirect URL from Carerix.
Then click Configure.

Then select the Add a platform option and select the Web option as your platform.

Next copy the redirect URI from Carerix and paste it into the Redirect URI option for the platform you are configuring in Azure. Ignore the other fields and click on the configure button to finish the redirect URI registration.

5. Adjust user names in Carerix

Make sure all usernames in Carerix exactly match the email addresses registered in Microsoft Entra ID (e.g., jane.doe@example.com). If they do not match, SSO will fail.