Registering Airgentic in your Identity Provider

Before your users can sign in to the Airgentic widget with their organisational accounts, you need to register Airgentic as an application in your identity provider. This is a one-time setup performed by an IT administrator.

The most common provider is Microsoft Entra ID (formerly Azure AD), which is covered in detail below. Instructions for Okta and Google Workspace are included at the end.


Microsoft Entra ID

Step 1: Create a new app registration

  1. Sign in to the Azure Portal.
  2. Navigate to Microsoft Entra ID > App registrations > New registration.
  3. Fill in the following:
     Field                     Value
     Name                      A name you'll recognise, e.g. "Airgentic HR Widget" or "Airgentic Intranet"
     Supported account types   Accounts in this organizational directory only (single tenant)
     Redirect URI — Platform   Web
     Redirect URI — URL        The callback URL on your site, e.g. https://intranet.yourorg.gov.au/callback
  4. Click Register.

Step 2: Create a client secret

  1. Go to Certificates & secrets in the left menu.
  2. Under Client secrets, click New client secret.
  3. Enter a description (e.g. "Airgentic production") and select an expiry period.
  4. Click Add.
  5. Copy the secret value immediately — it is only shown once. You'll send this to Airgentic.

Step 3: Note the IDs

After registration, you'll be taken to the app's Overview page. Note two values:

  • Application (client) ID — a UUID like abc12345-1234-1234-1234-123456789abc
  • Directory (tenant) ID — a UUID like def67890-5678-5678-5678-567890abcdef

You'll send both of these to Airgentic, along with the client secret you created in Step 2.

Step 4: Verify the redirect URI

  1. Go to Authentication in the left menu.
  2. Under Web, confirm your callback URL is listed (e.g. https://intranet.yourorg.gov.au/callback).
  3. If your widget will be embedded on multiple sites, add a redirect URI for each.

Step 5 (optional): Configure group claims

If you want to restrict access to members of specific groups (e.g. "HR-Staff"), you need to include groups in the token:

  1. Go to Token configuration > Add groups claim.
  2. Choose the group types to include (e.g. Security groups).
  3. Under ID token, ensure the claim is configured.

Let Airgentic know the group names or IDs you want to use, and we'll add them to your authorisation rules.

Step 6: Send details to Airgentic

Email the following to Airgentic (or provide them to your Airgentic contact):

  • Application (client) ID
  • Directory (tenant) ID
  • Client Secret (the value you copied in Step 2)
  • Redirect URI(s) you registered
  • Allowed origins — the URL(s) of the site(s) where the widget will be embedded (e.g. https://intranet.yourorg.gov.au)
  • Authorisation preference — how you'd like to control access (e.g. "all users at our domain", "members of X group", or specific email addresses)

We'll configure your service and let you know when it's ready to test.
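
A pre-flight check for the Step 6 hand-over values, added here as an illustration (it is not Airgentic's code). The dictionary keys, the function names and the rule that allowed origins are bare https origins are assumptions of this example; the sample values are constructed.

```python
import re
from urllib.parse import urlsplit

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def origin_of(url):
    """Return scheme://host[:port] in lower case."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()

def check_handover(d):
    """Return a list of problems found in the values listed in Step 6."""
    problems = []
    for key in ("client_id", "tenant_id"):
        if not UUID_RE.match(d.get(key, "")):
            problems.append(f"{key}: not a UUID from the Overview page")
    secret = d.get("client_secret", "")
    if not secret:
        problems.append("client_secret: missing")
    elif UUID_RE.match(secret):
        # Entra lists a UUID "Secret ID" beside the secret Value; only the Value works.
        problems.append("client_secret: looks like the Secret ID, not the Value")
    for uri in d.get("redirect_uris", []):
        p = urlsplit(uri)
        if p.scheme != "https" or not p.netloc:
            problems.append(f"redirect_uri {uri}: must be an absolute https URL")
        if p.fragment:  # RFC 6749 forbids a fragment in a redirect URI
            problems.append(f"redirect_uri {uri}: must not contain a fragment")
    # Step 4: every site that embeds the widget needs its own redirect URI.
    covered = {origin_of(u) for u in d.get("redirect_uris", [])}
    for o in d.get("allowed_origins", []):
        p = urlsplit(o)
        if p.scheme != "https" or not p.netloc or p.path not in ("", "/") or p.query:
            problems.append(f"allowed_origin {o}: expected https://host only")
        elif origin_of(o) not in covered:
            problems.append(f"allowed_origin {o}: no redirect URI registered for this site")
    return problems

# Constructed sample values (placeholders, not real credentials).
SAMPLE = {
    "client_id": "abc12345-1234-1234-1234-123456789abc",
    "tenant_id": "def67890-5678-5678-5678-567890abcdef",
    "client_secret": "0f0e0d0c-1111-2222-3333-444455556666",  # Secret ID pasted by mistake
    "redirect_uris": ["https://intranet.yourorg.gov.au/callback"],
    "allowed_origins": ["https://intranet.yourorg.gov.au", "https://hr.yourorg.gov.au"],
}

if __name__ == "__main__":
    print("\n".join(check_handover(SAMPLE)) or "ok")
```

Run it on the machine where the values were collected, so the client secret is not copied anywhere else before it is sent.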


Okta

  1. In the Okta Admin Console, create a new OIDC application.
  2. Set the application type to Web Application.
  3. Add your callback URL as the Sign-in redirect URI.
  4. Note the Client ID, Client Secret, and your Okta Issuer URL (e.g. https://your-domain.okta.com/oauth2/default).
  5. If using group-based authorisation, add a groups claim to the ID token in your authorization server settings.
  6. Send the Client ID, Client Secret, Issuer URL, redirect URI(s), and authorisation preferences to Airgentic.

Google Workspace

  1. In the Google Cloud Console, create or select a project.
  2. Navigate to APIs & Services > Credentials > Create Credentials > OAuth client ID.
  3. Set the application type to Web application.
  4. Add your callback URL under Authorized redirect URIs.
  5. Note the Client ID and Client Secret.
  6. Send the Client ID, Client Secret, redirect URI(s), and authorisation preferences to Airgentic.

Next steps

Once Airgentic has configured your service, add the widget to your site with authentication enabled. See Adding the Secure Widget to Your Site.
