---
title: "Fortanix DSM with Microsoft Entra ID for OAuth 2.0 and OpenID Connect Authentication"
slug: "using-fortanix-data-security-manager-with-microsoft-entra-id-for-oauth-20-and-openid-connect-authentication"
updated: 2026-04-14T17:05:20Z
published: 2026-04-14T17:05:20Z
---

# Fortanix DSM with Microsoft Entra ID for OAuth 2.0 and OpenID Connect Authentication

## 1.0 Introduction

This article describes the steps to integrate **Fortanix Data Security Manager (DSM)** with **Microsoft Entra ID** using **OAuth 2.0** and **OpenID Connect (OIDC)** for **Single Sign-On (SSO)**-based authentication.

It also covers the following details:

- Creating a new Microsoft Entra ID application configured for OAuth 2.0 and OIDC.
- Generating a client secret.
- Configuring OAuth-based SSO in Fortanix DSM.
- Testing the authentication flow.

## 2.0 Prerequisites

Ensure you have the following:

- An active Azure subscription with administrator (admin) permissions in Microsoft Entra ID.
- Admin access to Fortanix DSM for configuring OAuth-based SSO.

## 3.0 Create a Microsoft Entra ID Application

Perform the following steps to create and configure a new Microsoft Entra ID application for OAuth:

1. Log in to the [Azure Portal](https://portal.azure.com).
2. Navigate to **Microsoft Entra ID** from the Azure portal Home page under **Azure services**, or by selecting **Microsoft Entra ID** from the left navigation panel.
3. On the **Microsoft Entra ID** page, under **Manage** in the left navigation panel, select **App registrations**.
4. Click **New registration**.
5. On the **Register an application** page:
  - **Name**: Enter a user-facing display name for the application. For example, **fortanix_oauth**.
  - **Supported account types**: Select **Accounts in this organizational directory only (<your organization name> only - Single tenant)**.
  - Under **Redirect URI**:
    - **Platform**: Select **Web**.
    - **Redirect URI**: Enter `https://<Fortanix_DSM_url>/oauth`. For example, `https://amer.smartkey.io/oauth`.
6. Click **Register** to create the application.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/using-fortanix-data-security-manager-with-microsoft-entra-id-for-oauth-2.0-and-openid-connect-authentication-image-2gf4id1o.png)

**Figure 1: Add a Microsoft Entra ID application**
7. The application's **Overview** page is displayed. Copy the **Application (client) ID** value. This will be used as **Client ID** when configuring Fortanix DSM.
8. On the **Overview** page, click **Endpoints**.
9. From the **Endpoints** panel, copy the following values to use when configuring Fortanix DSM:
  - **OAuth 2.0 authorization endpoint (v2)**
  - **OAuth 2.0 token endpoint (v2)**

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/using-fortanix-data-security-manager-with-microsoft-entra-id-for-oauth-2.0-and-openid-connect-authentication-image-xtpdfe89.png)

**Figure 2: Retrieve the endpoints**
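
A pre-flight check for the values recorded in this section, catching a v1 endpoint, a multi-tenant alias, or a mismatched redirect URI before they are entered in Fortanix DSM. This is an added example, not Fortanix or Microsoft code; the function names are hypothetical, the tenant and client GUIDs are constructed, and it assumes the global Azure cloud login host.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
ENTRA_HOST = "login.microsoftonline.com"  # assumption: global Azure cloud
ALIASES = {"common", "organizations", "consumers"}  # multi-tenant aliases

def check_endpoint(url, kind):
    """Validate a v2 'authorize' or 'token' endpoint; return (tenant, problems)."""
    parts, problems = urlsplit(url.strip()), []
    if parts.scheme != "https" or parts.hostname != ENTRA_HOST:
        problems.append(f"{kind}: expected https://{ENTRA_HOST}/...")
    m = re.fullmatch(rf"/([^/]+)/oauth2/v2\.0/{kind}", parts.path)
    if not m:
        problems.append(f"{kind}: path is not /<tenant>/oauth2/v2.0/{kind}")
        return None, problems
    if m.group(1).lower() in ALIASES:
        problems.append(f"{kind}: '{m.group(1)}' is not a single-tenant endpoint")
    return m.group(1).lower(), problems

def preflight(redirect_uri, client_id, authorize_url, token_url):
    """Return a list of problems with the values recorded in Section 3.0."""
    problems = []
    r = urlsplit(redirect_uri.strip())
    if r.scheme != "https" or not r.path.endswith("/oauth") or r.query or r.fragment:
        problems.append("redirect URI: expected https://<Fortanix_DSM_url>/oauth")
    if not GUID.fullmatch(client_id.strip()):
        problems.append("client ID: Application (client) ID should be a GUID")
    t_auth, p_auth = check_endpoint(authorize_url, "authorize")
    t_tok, p_tok = check_endpoint(token_url, "token")
    problems += p_auth + p_tok
    if t_auth and t_tok and t_auth != t_tok:
        problems.append("authorize and token endpoints name different tenants")
    return problems

# Constructed sample values; the redirect URI is the example from this page.
TENANT = "11111111-2222-3333-4444-555555555555"
CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
BASE = f"https://{ENTRA_HOST}/{TENANT}/oauth2"

if __name__ == "__main__":
    print(preflight("https://amer.smartkey.io/oauth", CLIENT,
                    f"{BASE}/v2.0/authorize", f"{BASE}/v2.0/token"))
    print(preflight("https://amer.smartkey.io/oauth", CLIENT,
                    f"{BASE}/v2.0/authorize", f"{BASE}/token"))  # v1 token URL
```
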

## 4.0 Create a Client Secret

A client secret is a string value that your application uses to authenticate itself when requesting tokens from Microsoft Entra ID.

Perform the following steps to add a client secret for your Microsoft Entra ID application:

1. In **App registrations**, select your application created in [*Section 3.0: Create a Microsoft Entra ID Application*](/v1/docs/using-fortanix-data-security-manager-with-microsoft-entra-id-for-oauth-20-and-openid-connect-authentication#30-create-a-microsoft-entra-id-application).
2. Select **Certificates & secrets** **→** **Client secrets** **→** **New client secret**.
3. On the **Add a client secret** panel:
  - **Description**: Enter a description for the client secret.
  - **Expires**: Select an expiration period for the secret or specify a custom lifetime.

> [!NOTE]
> - The client secret lifetime is limited to a **maximum of 24 months (two years)**. A custom lifetime longer than 24 months cannot be specified.
> - Microsoft recommends setting an expiration period of **180 days (6 months)**.

4. Click **Add** to create the client secret.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/using-fortanix-data-security-manager-with-microsoft-entra-id-for-oauth-2.0-and-openid-connect-authentication-image-q9fyl9i9.png)

**Figure 3: Add a client secret**

> [!NOTE]
> Ensure that you copy the client secret value after creation. It is displayed only once and will be required when configuring Fortanix DSM.

## 5.0 Configure OAuth SSO in Fortanix DSM

Perform the following steps to configure Microsoft Entra ID OAuth in Fortanix DSM:

1. Log in to Fortanix DSM.
2. In the Fortanix DSM user interface (UI), navigate to **Settings** → **AUTHENTICATION** tab, and select **SINGLE SIGN-ON** as the authentication method.
3. Click **ADD OAUTH INTEGRATION** to add a new OAuth integration.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/using-fortanix-data-security-manager-with-microsoft-entra-id-for-oauth-2.0-and-openid-connect-authentication-image-0kfpun2f.png)

**Figure 4: Add an OAuth SSO**
4. On the **Add OAuth integration** page:
  1. **OAuth Provider**: Select **Custom**.
  2. **Provider Name**: Enter a name for the provider. For example, **Customer_SSO**.
  3. **Authorization Endpoint**: Enter the **OAuth 2.0 authorization endpoint (v2)** value obtained in [*Section 3.0: Create a Microsoft Entra ID Application*](/v1/docs/using-fortanix-data-security-manager-with-microsoft-entra-id-for-oauth-20-and-openid-connect-authentication#30-create-a-microsoft-entra-id-application).
  4. **Token Endpoint**: Enter the **OAuth 2.0 token endpoint (v2)** value obtained in [*Section 3.0: Create a Microsoft Entra ID Application*](/v1/docs/using-fortanix-data-security-manager-with-microsoft-entra-id-for-oauth-20-and-openid-connect-authentication#30-create-a-microsoft-entra-id-application).
  5. **Authorization Method**: Select **client_secret_post**.
  6. **Client ID**: Enter the **Application (client) ID** obtained in [*Section 3.0: Create a Microsoft Entra ID Application*](/v1/docs/using-fortanix-data-security-manager-with-microsoft-entra-id-for-oauth-20-and-openid-connect-authentication#30-create-a-microsoft-entra-id-application).
  7. **Client Secret**: Enter the client secret value obtained in [*Section 4.0: Create a Client Secret*](/v1/docs/using-fortanix-data-security-manager-with-microsoft-entra-id-for-oauth-20-and-openid-connect-authentication#40-create-a-client-secret).
5. Click **ADD INTEGRATION** to save the OAuth configuration.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/using-fortanix-data-security-manager-with-microsoft-entra-id-for-oauth-2.0-and-openid-connect-authentication-image-ykoqonyq.png)

**Figure 5: Configure OAuth in Fortanix DSM**
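
What the **client_secret_post** authorization method selected above means for the token request, next to `client_secret_basic`, as the two methods are defined by OpenID Connect Core. This is an added example, not Fortanix DSM code; the function names are hypothetical and the client ID, secret and authorization code are constructed values.

```python
import base64
from urllib.parse import parse_qsl, quote_plus, urlencode

def token_request(auth_method, client_id, client_secret, code, redirect_uri):
    """Return (headers, body) for an authorization-code token request."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}  # must equal the registered redirect URI
    if auth_method == "client_secret_post":
        # Client credentials travel as form fields in the POST body.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    elif auth_method == "client_secret_basic":
        # Client credentials are form-encoded, joined with ':' and sent as HTTP Basic.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        raise ValueError(f"unsupported method: {auth_method}")
    return headers, urlencode(form)

def redact(body):
    """Mask client_secret before a token request body is written to a log."""
    return urlencode([(k, "REDACTED" if k == "client_secret" else v)
                      for k, v in parse_qsl(body)])

if __name__ == "__main__":
    # Constructed values; the redirect URI is the example from this page.
    headers, body = token_request("client_secret_post", "cid", "s3cr3t",
                                  "code123", "https://amer.smartkey.io/oauth")
    print(headers)
    print(redact(body))
```

With `client_secret_post` the secret is part of the request body, so any proxy or debug logging that records bodies sent to the token endpoint should mask that field.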

> [!NOTE]
> External roles are not currently supported with Microsoft Entra ID. This feature is supported only for LDAP-based authentication. *For more information, refer to* [*Single Sign-On*](/v1/docs/users-guide-single-sign-on#60-ldap-authorization).

## 6.0 Test the Integration

Perform the following steps to verify the OAuth SSO integration:

1. Log out of Fortanix DSM to sign in using SSO.
2. On the Fortanix DSM **Login** page, click **LOG IN WITH <Name of your SSO>** (for example, **CUSTOMER_SSO**) to authenticate using the newly configured SSO integration.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/using-fortanix-data-security-manager-with-microsoft-entra-id-for-oauth-2.0-and-openid-connect-authentication-image-nc3tr91d.png)

**Figure 6: Test the integration**
3. The Microsoft Entra ID sign-in page appears.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/using-fortanix-data-security-manager-with-microsoft-entra-id-for-oauth-2.0-and-openid-connect-authentication-image-o2k1okgp.png)

**Figure 7: Log in to the Microsoft Entra page**
  1. Enter your Microsoft credentials.
  2. Review the requested permissions.
  3. Click **Accept** (if prompted).
4. After successful authentication, you are automatically redirected to Fortanix DSM and signed in to your DSM account.

