Skip to content
Voquill Docs

Azure Entra ID

This guide explains how to configure Azure Entra ID as an OIDC identity provider for Voquill Enterprise.

Prerequisites

Section titled “Prerequisites”
  • An Azure account with access to Microsoft Entra ID
  • Voquill Enterprise gateway running
  • Admin access to the Voquill admin panel

Azure Configuration

Section titled “Azure Configuration”

1. Register the Application

Section titled “1. Register the Application”
  1. Go to Microsoft Entra admin center
  2. Navigate to IdentityApplicationsApp registrations
  3. Click New registration
  4. Fill in the details:
    • Name: Voquill
    • Supported account types: Select based on your needs (single tenant for most enterprise setups)
    • Redirect URI:
      • Platform: Web
      • URI: https://your-gateway-url/auth/oidc/callback
  5. Click Register

2. Note Your Application IDs

Section titled “2. Note Your Application IDs”

On the application’s Overview page, copy these values:

FieldUsed For
Application (client) IDClient ID in Voquill
Directory (tenant) IDConstructing the Issuer URL

3. Create a Client Secret

Section titled “3. Create a Client Secret”
  1. In the left sidebar, click Certificates & secrets
  2. Go to the Client secrets tab
  3. Click New client secret
  4. Enter a description (e.g., voquill-gateway)
  5. Choose an expiration period
  6. Click Add
  7. Immediately copy the secret Value (not the Secret ID) - it’s only shown once

Voquill Configuration

Section titled “Voquill Configuration”

Add the Identity Provider

Section titled “Add the Identity Provider”
  1. Open the Voquill admin panel
  2. Go to Identity Providers
  3. Click Add Provider
  4. Fill in:
FieldValue
NameMicrosoft (appears on the login button)
Issuer URLhttps://login.microsoftonline.com/{tenant-id}/v2.0
Client IDApplication (client) ID from Azure
Client SecretThe secret value you created
EnabledYes

Replace {tenant-id} with your Directory (tenant) ID from Azure.

  1. Click Save

Test the Flow

Section titled “Test the Flow”
  1. Open the Voquill desktop app
  2. Connect to your enterprise server
  3. You should see a “Microsoft” SSO button
  4. Click it to authenticate via Azure

Troubleshooting

Section titled “Troubleshooting”

”AADSTS50011: The redirect URI does not match”

Section titled “”AADSTS50011: The redirect URI does not match””

The redirect URI in Azure doesn’t match what the gateway is sending.

  • Verify the redirect URI in Azure App Registration matches your gateway URL exactly
  • Include the full path: /auth/oidc/callback
  • Check http vs https

”AADSTS700016: Application not found”

Section titled “”AADSTS700016: Application not found””
  • Verify the Client ID is correct
  • Make sure you’re using the Application (client) ID, not the Object ID

”Invalid issuer” error

Section titled “”Invalid issuer” error”
  • Verify the tenant ID in your Issuer URL is correct
  • The URL must end with /v2.0
  • No trailing slash after v2.0

User signs in but isn’t created in Voquill

Section titled “User signs in but isn’t created in Voquill”
  • Check that the Azure user has an email address set
  • The OIDC flow requires the email claim to create/match users