It is possible to set up Microsoft Entra ID as an OpenID provider with the planning app. With this setup, your existing Microsoft Entra ID users can log in to the planning app without a different account.

The generic instructions are also available on the Microsoft Docs website.

Setting up Microsoft Entra ID

  1. Go to the Azure portal: https://portal.azure.com/#home

  2. Select Microsoft Entra ID in the menu

  3. Go to App Registrations and click on New Registration.

  4. Insert the application's name (e.g. piplanning app) and the callback URL.

    Please note: Depending on how your Microsoft Entra ID is configured and which users you want to give access to the piplanning app, you might have to select a different option in the Supported account types section. If login for some users doesn't work, try changing this configuration option.


    The callback URL can be found on the "Identity Provider" page in the Cockpit.

  5. Double-check that the permissions are correct. You need the Microsoft Graph User.Read permission to log in successfully. If you want to map Microsoft Entra ID groups to piplanning app teams automatically, you need to add the Microsoft Graph Group.Read.All permission as well.

  6. Next, create a client secret: go to the "Certificates & Secrets" menu item and click on "New client secret".

  7. Copy and save the secret now. It is needed in the piplanning app to configure the Identity Provider.

Setting up the piplanning app

  1. Log in to the Cockpit and click the "Identity Provider" menu item. The OpenID Connect configuration”

The login screen will now add the option to log in with Microsoft Entra ID.

FAQ

Q: During login, I get the error: "A request to the OpenID Connect Token API has failed. Unable to complete this login request" [Backend error: AADSTS700025 - invalid_client]
A: Make sure you have selected "Web" (instead of a single page application) for the redirect URI in Azure.
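
The checks from steps 4 and 5 and the FAQ entry above, as an added example that is not part of the original page or the piplanning app: a Python script that inspects the app registration's JSON (for instance the output of `az ad app show --id <application-id>`) for the redirect-URI platform and the requested Microsoft Graph permissions. The callback URL and the sample registration are constructed placeholders, and treating Group.Read.All as a delegated permission is an assumption.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource
# Microsoft Graph delegated scope IDs (assumption: both are granted as delegated).
SCOPE_IDS = {
    "User.Read": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
    "Group.Read.All": "5f8c59db-677d-491f-a6b8-5f174b11ec1d",
}

def check_registration(app, callback_url, map_groups=False):
    """Return findings for an app registration given as a Graph application object."""
    findings = []
    web = (app.get("web") or {}).get("redirectUris") or []
    spa = (app.get("spa") or {}).get("redirectUris") or []
    if callback_url in spa:
        findings.append("callback URL is registered as a single-page application; "
                        "register it under 'Web' (FAQ: AADSTS700025)")
    if callback_url not in web:
        findings.append("callback URL is missing from the 'Web' redirect URIs")
    requested = {
        access.get("id")
        for resource in app.get("requiredResourceAccess") or []
        if resource.get("resourceAppId") == GRAPH_APP_ID
        for access in resource.get("resourceAccess") or []
        if access.get("type") == "Scope"
    }
    needed = ["User.Read"] + (["Group.Read.All"] if map_groups else [])
    for name in needed:
        if SCOPE_IDS[name] not in requested:
            findings.append(f"Microsoft Graph permission {name} is not requested")
    return findings

# Constructed sample: callback registered as SPA, only User.Read requested.
CALLBACK = "https://planning.example.com/callback"  # placeholder, not the real URL
SAMPLE = json.loads("""
{
  "displayName": "piplanning app",
  "signInAudience": "AzureADMyOrg",
  "web": {"redirectUris": []},
  "spa": {"redirectUris": ["https://planning.example.com/callback"]},
  "requiredResourceAccess": [{
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [
      {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"}]
  }]
}
""")

if __name__ == "__main__":
    for finding in check_registration(SAMPLE, CALLBACK, map_groups=True):
        print("FINDING:", finding)
```

Replace CALLBACK with the value shown on the "Identity Provider" page in the Cockpit before running it against a real registration.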
