To integrate Roqos SASE Client authentication with your Microsoft Entra ID, please follow the steps below:
- Log in to your Azure portal and navigate to Microsoft Entra ID:
- Go to Manage → App registrations and click on New Registration
- Set the name as "Roqos SASE Authentication," select "Single tenant," and click "Register."
- Note down the Directory (tenant) ID and Application (client) ID
Add Web and Application platforms for the Roqos apps under Manage → Authentication:
- Add a platform → Web and specify Redirect URI as
https://sase.roqos.com/user/loginms/Client_(Application)_ID
- Add a platform → Mobile and desktop applications and specify Redirect URI for the SASE Apps as
roqossase://auth/response/Client_(Application)_ID
- Add a new client secret at Certificates & secrets → New Client Secret and note down the Client (Application) Value
NOTE: Please note down your secret key renewal date, as you will need to re-enter this client secret in the Roqos SASE user interface when it expires and is renewed.
- Add the following permissions under Manage → API Permissions → Add Permission → Microsoft Graph → Delegated permissions:
User.Read, openid, profile, email, offline_access
- Add the following permissions under Manage → API Permissions → Add Permission → Microsoft Graph → Application permissions:
User.Read.All, Group.Read.All, Directory.Read.All
After setup in Microsoft Azure has been completed, you can enable Microsoft Entra ID authentication in your Roqos Core.
- Go to the WebApp at sase.roqos.com and log in with your admin credentials.
- Go to Assets - Users and select Microsoft Entra ID.
- You will see instructions similar to this one, and below that three fields.
- In the Authority field, please enter your Directory (Tenant) ID in the following format:
https://login.microsoftonline.com/Tenant_ID
- Copy your Client ID in the next box, then the Client Secret Value
- Finally, click on Import Users to test.
- If Import Users did not report an error, click Save to enable Microsoft Entra ID authentication for your Roqos Core environment.
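If Import Users reports an error, the app registration can be compared with the values in this guide. The following is an added example, not Roqos or Microsoft code: it audits the registration's JSON (as printed by `az ad app show --id <client-id>`), assuming the Microsoft Graph application properties `signInAudience`, `web.redirectUris`, `publicClient.redirectUris` and `passwordCredentials`. The GUIDs, dates and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def expected_values(tenant_id, client_id):
    """Build the values this guide has you type in by hand."""
    for label, value in (("tenant", tenant_id), ("client", client_id)):
        if not GUID.fullmatch(value):
            raise ValueError(f"{label} ID is not a GUID: {value!r}")
    return {"authority": f"https://login.microsoftonline.com/{tenant_id}",
            "web": f"https://sase.roqos.com/user/loginms/{client_id}",
            "publicClient": f"roqossase://auth/response/{client_id}"}

def audit_registration(app, tenant_id, now, warn_days=30):
    """Compare a Graph application object (dict) with the guide's settings."""
    want = expected_values(tenant_id, app["appId"])
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # portal: "Single tenant"
        findings.append("sign-in audience is not single tenant")
    for platform in ("web", "publicClient"):
        uris = (app.get(platform) or {}).get("redirectUris", [])
        if want[platform] not in uris:
            findings.append(f"{platform}: missing {want[platform]}")
        for extra in sorted(set(uris) - {want[platform]}):
            findings.append(f"{platform}: redirect URI not in the guide: {extra}")
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret registered")
    for cred in secrets:
        # Only the first 19 characters (seconds precision) are parsed.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)  # Graph timestamps are UTC
        if end <= now:
            findings.append(f"client secret expired on {end:%Y-%m-%d}")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret expires on {end:%Y-%m-%d}")
    return findings

# Constructed sample: placeholder GUIDs, not a real tenant or application.
TENANT = "11111111-1111-1111-1111-111111111111"
CLIENT = "22222222-2222-2222-2222-222222222222"
NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)
SAMPLE_APP = {
    "appId": CLIENT, "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": [f"https://sase.roqos.com/user/loginms/{CLIENT}/"]},
    "publicClient": {"redirectUris": [f"roqossase://auth/response/{CLIENT}"]},
    "passwordCredentials": [{"endDateTime": "2030-01-15T00:00:00Z"}],
}
print("\n".join(audit_registration(SAMPLE_APP, TENANT, NOW)))
```

The sample deliberately differs from the guide in its sign-in audience and in a trailing slash on the Web redirect URI, and its secret is two weeks from expiry, so all three kinds of finding are printed.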
After this point, to log in to the SASE Client application through Microsoft Entra ID, simply enable the authentication mechanism as Entra ID by clicking on Authentication then selecting Microsoft Entra ID:
Your users will need to enter your Entra ID domain name to be authenticated with their Entra ID credentials: