Configure Microsoft Entra ID for Lasernet User Authentication
    • 30 Jan 2026

    Applies to: Lasernet 11

    To enable Lasernet to authenticate users against Microsoft Entra ID, you must configure an app registration.

    Create a Microsoft Entra ID App Registration

    Follow these steps:

    1. Log in to the Azure Portal.

    2. Navigate to Microsoft Entra ID.

    3. Click Add and then select App registration in the dropdown menu.

    4. Enter a Name. The Name is shown to users if they log in to Azure.


    5. Select Accounts in this organizational directory only.

    6. Enter a Redirect URI. The Redirect URI must be set to https://<FQDN-of-Lasernet-Server>/lasernet/auth, replacing <FQDN-of-Lasernet-Server> with the fully qualified domain name of your Lasernet server. If Lasernet Config Server is running on a port other than 443, include the port in the Redirect URI (for example: https://lasernet.mydomain.com:33443/lasernet/auth).

    7. Click Register.

    Configure Authentication Settings

    Follow these steps:

    1. After creating the app registration, navigate to the Authentication page in the left-side menu.

    2. Select the ID tokens checkbox.

    3. Optional: Add additional Redirect URIs to the list if required.

    4. Click Save.

    Note

    Add a Redirect URI for each FQDN you use to access Lasernet (including localhost).

    Note

    For access to the Lasernet Web Client, you must add a Redirect URI for https://<FQDN>/lasernet/client, replacing <FQDN> with the fully qualified domain name you use.

    Configure App Roles

    Microsoft Entra ID users are granted access to Lasernet through their membership of app roles. These roles will determine a user’s permissions in Lasernet.

    Lasernet includes a built-in “external role” for administrative access called Admin.Global. You must create a corresponding app role in Entra ID, which you will assign to the appropriate Entra ID users. Entra ID users who have this app role will be given the Admin.Global external role by Lasernet, which will grant them administrator-level access when they sign in to Lasernet.

    1. On the app registration’s Entra ID page, click the App Roles tab.

    2. Click Create app role.

    3. In the Display Name box, enter Global Administrators (or similar).


    4. For Allowed member types, click Users/Groups.

    5. In the Value box, enter Admin.Global

    6. In Description, enter Global administrators will have full access to Lasernet (or similar).

    7. Click Apply.

    Note

    You can create and configure additional app roles if necessary.

    Configure the Lasernet Enterprise Application

    Follow these steps:

    1. Navigate to Microsoft Entra ID.

    2. Click the Enterprise applications tab.

    3. Search for the Lasernet enterprise application (using the name you provided when creating the app registration).

    4. Select the Lasernet enterprise application in the search results.

    5. Click Properties in the left-side menu.

    6. Set User assignment required to Yes.

    7. Click Save.
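
    The settings from the sections above can be checked against an exported copy of the app registration. This is an added example, not Lasernet or Microsoft code: it audits dictionaries shaped like the Microsoft Graph application and servicePrincipal objects (signInAudience, web.redirectUris, web.implicitGrantSettings.enableIdTokenIssuance, appRoles, appRoleAssignmentRequired). The host names and sample values are constructed placeholders.

```python
from urllib.parse import urlsplit

ROLE = "Admin.Global"  # app role value this page tells you to create
PATHS = ("/lasernet/auth", "/lasernet/client")  # redirect paths from this page

def audit(app, sp, hosts):
    """Return findings for Graph-style application / servicePrincipal dicts."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # this directory only
        findings.append("sign-in audience is not this directory only")
    web = app.get("web", {})
    if not web.get("implicitGrantSettings", {}).get("enableIdTokenIssuance"):
        findings.append("ID tokens are not enabled")
    uris = [urlsplit(u) for u in web.get("redirectUris", [])]
    for u in uris:
        if u.scheme != "https":  # the page gives every redirect URI as https
            findings.append(f"redirect URI is not https: {u.geturl()}")
        if u.path not in PATHS:
            findings.append(f"unexpected redirect path: {u.geturl()}")
    for host in hosts:  # each host[:port] used to reach Lasernet
        if not any(u.scheme == "https" and u.netloc == host
                   and u.path == PATHS[0] for u in uris):
            findings.append(f"no https /lasernet/auth redirect URI for {host}")
    role = next((r for r in app.get("appRoles", []) if r.get("value") == ROLE), None)
    if role is None:
        findings.append(f"no app role with value {ROLE}")
    elif not role.get("isEnabled") or "User" not in role.get("allowedMemberTypes", []):
        findings.append(f"{ROLE} is disabled or not assignable to users/groups")
    if not sp.get("appRoleAssignmentRequired"):  # "User assignment required"
        findings.append("User assignment required is No")
    return findings

# Constructed sample data (placeholders, not a real tenant).
HOSTS = ["lasernet.mydomain.com:33443", "localhost"]
GOOD_URIS = ["https://lasernet.mydomain.com:33443/lasernet/auth",
             "https://localhost/lasernet/auth"]
weak_app = {
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": [GOOD_URIS[0], "http://localhost/lasernet/auth"],
            "implicitGrantSettings": {"enableIdTokenIssuance": True}},
    "appRoles": [{"value": ROLE, "isEnabled": True, "allowedMemberTypes": ["User"]}],
}
weak_sp = {"appRoleAssignmentRequired": False}
fixed_app = {**weak_app, "web": {**weak_app["web"], "redirectUris": GOOD_URIS}}
fixed_sp = {"appRoleAssignmentRequired": True}

if __name__ == "__main__":
    for finding in audit(weak_app, weak_sp, HOSTS):
        print("FINDING:", finding)
    print("fixed:", audit(fixed_app, fixed_sp, HOSTS) or "no findings")
```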

    Assign Users and Groups to the Admin.Global App Role

    To enable users to access Lasernet, use Microsoft Entra ID to assign one or more users or groups to the administrative role.

    User assignment is done through Azure Portal > Microsoft Entra ID > Enterprise Applications.

    1. Navigate to Microsoft Entra ID.

    2. Click the Enterprise applications tab.

    3. Search for the Lasernet enterprise application (using the name you provided when creating the app registration).

    4. Select the enterprise application in the search results.

    5. Click Manage > Users and groups in the left-side menu.

    6. Click Add user/group.

    7. Select a user or group.

    8. If the user isn’t assigned the Global administrators role, you must select it manually.

      Note

      If no other app roles are configured, the role assignment will default to Global administrators.

    9. Click Assign.

    10. On the Security > Permissions page, click Grant admin consent. This step enables the users that you assigned to the enterprise application to access Lasernet without requiring further administrator approval.


    Collect the Information Required to Configure Lasernet

    In order to configure Lasernet for Microsoft Entra ID authentication, you must collect some information about the app registration that you created.

    1. Navigate to Microsoft Entra ID.

    2. Click the App registrations tab.

    3. Search for the Lasernet app registration using the name you provided when creating the app registration.

    4. Select the app registration in the search results.

    5. On the Overview pane, copy the Application (client) ID value and make a note of it for later use.

    6. Click the Endpoints tab.

    7. Copy the OpenID Connect Metadata document endpoint value and store it for later.

    Next Steps

    The next part of the process is to configure external authentication for Lasernet Config Server.