Entra Authentication SiteKiosk Online: Step‑by‑Step Setup Tutorial

Feb 13, 2026 | Tutorials | 0 comments

SiteKiosk Online SSO

If you want to authenticate Microsoft Entra ID users in SiteKiosk Online, whether using the Cloud or a self‑hosted server, follow these simple steps to configure your settings correctly.

This guide walks you through creating your App Registration, setting up your redirect and logout URLs, and granting the proper permissions for communication between Entra ID and SiteKiosk Online.

Step 1: Open Microsoft Entra and Create a New App Registration

  1. Sign in to your Microsoft Entra Admin Center. Navigate to Entra ID > App registrations.
  2. Select New registration.
  3. Name your app SiteKioskOnline (or another descriptive name). This name is referred to as “MyEntraIDconfig” below.
  4. Under Platform, choose Web.
  5. Click Register to create the new app.

Your configuration will vary depending on whether you’re using SiteKiosk Online Server (on‑premises) or SiteKiosk Online Cloud, but the Entra setup process is the same.

Step 2: Record Your Application Details

After registering, locate and save these two values from the app overview page:

  • Application (client) ID

  • Directory (tenant) ID

You’ll need these when connecting SiteKiosk Online to Entra.

Step 3: Add Redirect and Logout URIs

  1. In your app’s left‑side menu, go to Authentication.
  2. Add your redirect URI in this format:
    https://<your-hostname>/auth/signin-oidc-<MyEntraIDconfig>
  3. Then, add your logout URI (for example:
    https://<your-hostname>/auth/signout-callback-oidc-<MyEntraIDconfig>.
  4. Save your changes.

These URLs allow SiteKiosk Online to handle sign‑in and sign‑out actions securely through Entra.

Step 4: Create a Client Secret

  1. Go to Certificates & secrets.
  2. Click New client secret and name it something identifiable, such as SiteKioskOnlineSecret.
  3. Choose your expiration period and click Add.
  4. Copy the Value of the client secret immediately. You won’t be able to view it again later.

Record your Client Secret Value and Secret ID for your SiteKiosk configuration.

Step 5: Assign Application Permissions

There are two ways to assign rights:

  • Through Roles and Administrators by assigning the Directory Readers role,

  • Or directly from API permissions, which is simpler.

To use API permissions:

  1. Click API permissions in your app menu.
  2. Select Add a permission.
  3. Choose Microsoft Graph > Application permissions.
  4. Add the following permissions:
  5. Group.Read.All
  6. User.Read.All
  7. Click Grant admin consent and confirm when prompted.
  8. If prompted, re‑authenticate with your Entra credentials.

Once permissions are granted, Entra can securely share user and group details with SiteKiosk Online.

Step 6: Connect Entra with SiteKiosk Online

Now that Entra is configured, you can set up your SiteKiosk Online backend:

  • If you’re self‑hosting SiteKiosk Online Server, use the Client ID, Tenant ID, and Client Secret you saved to configure authentication in your admin settings.

  • If you’re using SiteKiosk Online Cloud, you can send these details to the SiteKiosk support team—they’ll complete the backend connection for you.

In the steps above you collected the following Entra information to apply to the SiteKiosk Online Server settings. Ensure you have this info before proceeding.

– Entra app name
– Application (client) ID
– Directory (tenant) ID
– Application (client) Secret

SiteKiosk Entra Settings SSO

Next Steps

To continue, watch the next video below for a walkthrough of applying the Entra details to the backend SiteKiosk Online server administration settings.

Entra Authentication SiteKiosk Online can be configured in a few clear steps in the backend of your self‑hosted/on-premise SiteKiosk Online Server. These steps will follow after you have already configured SiteKiosk Online as an app in your Entra account. These steps are not applicable for SiteKiosk Online Cloud.

Step 1: Log in to SiteKiosk Online Server Administration

  1. Open your browser and go to your self‑hosted SiteKiosk Online Server URL.
  2. Log in to the SiteKiosk Online Server administration backend with your admin credentials.
  3. After logging in, you will see the administration interface where you can adjust server settings and team configuration.

Step 2: Open External Authentication Provider Settings

  1. In the top menu, click Settings.
  2. In the settings area, find External Authentication Provider Settings.
  3. Click Edit Configuration to open the configuration page for external identity providers such as Microsoft Entra ID.

Step 3: Add Your Entra ID Domain Configuration

  1. Under Configured Entra ID Domains, click Add New.
  2. In the dialog or form that opens, enter:
  3. The application name you used in Microsoft Entra (from the first video).
  4. Your Directory (tenant) ID.
  5. Your Application (client) ID.
  6. The Client Secret Value from the Certificates & secrets page in Entra.
  7. After entering all fields, click Test to verify the connection.
  8. Once you get a successful test message, click the green Save button.
  9. Wait until the page finishes saving and you see your Entra application listed under configured domains.

If you forget to click Save, the configuration will not be stored, even if the test was successful, so make sure this step is completed before moving on.

Step 4: Go to the Teams Menu

  1. Click the Teams menu to open the list of teams on your SiteKiosk Online Server.
  2. If you don’t have a team yet:
  3. Click New Team to create one.
  4. Complete the required fields to create the team.
  5. You must have at least one team created before you can assign Entra Authentication SiteKiosk Online to it.

Step 5: Activate External Authentication for a Team

  1. In the Teams list, locate the team you want to connect to Entra.
  2. Under the External Authentication column for that team, click Activate External Authentication (or the link that shows it is not yet configured).
  3. In the configuration window:
  4. Select your Entra provider (the app you configured earlier on the Settings page).
  5. Enter the Entra group name that contains the users who should log in to this team.
  6. Enter the username of the team administrator.
  7. Click Test:
  8. If you see an error, check that you entered the group name, not the app name. The group should match the Entra security group that holds your users.
  9. When the test is successful, proceed to the next step.
  10. Click Activate to enable Entra authentication for this team.
  11. Confirm the prompt that warns existing manually created users may be removed and replaced by the Entra group members.
  12. After activation completes, you return to the Teams page and now see options to Modify or Deactivate the external authentication, indicating that it is active.

Step 6: Log Out and Test Entra Authentication

  1. Log out of the administration backend to return to the server login page.
  2. On the login page, you will now see an Authentication provider drop‑down or option.
  3. Choose the provider that corresponds to your Entra Authentication SiteKiosk Online configuration (for example, “Sign in with Microsoft”).
  4. Select the team you want to log in to, if prompted.
  5. Click Sign In with Microsoft.
  6. In the Microsoft sign‑in dialog:
  7. Choose the Entra user account that belongs to the configured group.
  8. Enter the password for that Entra user.
  9. Complete the multi‑factor authentication (2FA) step if required (for example, entering the authentication code).
  10. After successful sign‑in, you are logged in to the selected team with your Entra user.

Step 7: Verify Entra User Groups in SiteKiosk Online

  1. In the backend, navigate to User groups or the equivalent user management section.
  2. Confirm that there is now a group corresponding to your Entra users.
  3. You should see the list of Entra users who were synchronized from the Entra group used in the external authentication configuration.
  4. Repeat the sign‑in process if needed:
  5. Select the Entra group.
  6. Click Sign In with Microsoft.
  7. Choose the user, enter password, and complete 2FA.
  8. Verify that the user is logged in and appears in the correct group.
  9. As an admin, you will need to assign user permissions to the other user or the group for them to be able to log in.

With these steps, you have fully activated Entra Authentication SiteKiosk Online for your self‑hosted SiteKiosk Online Server, allowing your Entra users to log in securely with their Microsoft accounts.

Entra Authentication SiteKiosk Online FAQ

Q: What is the first step to set up Entra Authentication SiteKiosk Online?
A: Log into your Microsoft Entra Admin Center, navigate to Entra ID > App registrations, and click New registration to create an app named SiteKiosk Online with your server hostname as the redirect URI.

Q: What Entra ID details do I need to record for SiteKiosk Online?
A: Note down the Application (client) ID and Directory (tenant) ID from the app overview page, plus the Client Secret Value from Certificates & secrets—these are required for both Cloud and self-hosted server configurations.

Q: How do I add redirect and logout URIs in Entra for SiteKiosk Online?
A: In the Authentication section of your app, add Web platform URIs like https://<your-hostname>/auth/signin-oidc-<appName> for redirect and https://<your-hostname>/auth/signout-callback-oidc-<appName> for logout, then save.

Q: What permissions does the Entra app need for SiteKiosk Online authentication?
A: Under API permissions, add Microsoft Graph Application permissions: Group.Read.All and User.Read.All, then click Grant admin consent for your tenant (re-authenticate if prompted).

Q: How do I configure Entra settings in a self-hosted SiteKiosk Online Server backend?
A: Log into server administration, go to Settings > External Authentication Provider Settings > Edit Configuration, click Add New under Configured Entra ID Domains, enter app name, tenant ID, client ID, and secret, test, then click the green Save button.

Q: Why might my Entra test fail when adding a domain in SiteKiosk Online Server?
A: Ensure you click Save after a successful test—the configuration won’t persist without saving. Double-check that all fields (app name, tenant ID, client ID, secret) match exactly from Entra.

Q: How do I activate Entra authentication for a specific team in SiteKiosk Online?
A: In the Teams menu, select your team, click Activate External Authentication under the External Authentication column, choose your Entra provider, enter the Entra group name (not app name) and team admin username, test, then activate.

Q: What happens when I activate Entra Authentication SiteKiosk Online on a team?
A: Existing manually created users are removed and replaced by members from the specified Entra group; the Teams page then shows options to Modify or Deactivate the active external authentication.

Q: How do I test Entra login after setup in SiteKiosk Online?
A: Log out of the backend, on the login page select your Entra provider (Sign In with Microsoft), choose the team, pick an Entra user from the configured group, enter password and 2FA code if prompted—you’ll land in the team with Entra user groups visible.

Q: Can I use Entra Authentication SiteKiosk Online with SiteKiosk Online Cloud?
A: Yes, complete the Entra app setup (first video steps) and send your Client ID, Tenant ID, and Client Secret to SiteKiosk support—they handle the backend Cloud configuration for you.

Q: What if I enter the wrong group name when activating Entra on a SiteKiosk Online team?
A: The test will fail—use the exact Entra security group name containing your users (e.g., “SKOEntra”), not the app registration name, then retest for success before activating.

Q: Why can’t my Entra users log in to SiteKiosk Online?
A: Most likely, the individual users or group as a whole do not have a user role assigned. Select the user or group and click the Add Role button, select a role and save. 

Submit a Comment

Your email address will not be published. Required fields are marked *