In Microsoft Entra ID, make sure you are in the directory where you want to set up the application. Select App registrations from the left side panel, then click New registration.

The application name is for your reference only — pick something that fits your organization. For supported account types, choose either single-tenant or multi-tenant, depending on your organization's setup. Select "Web" as the type for the redirect URL, and paste the Callback URLs - https://app.visla.us/sso, which you copied from Visla.

Click Register.

Under the newly created application, go to Token configuration and add the upn optional claim to the ID token. Click the Add button and make sure the "Turn on the Microsoft Graph profile permission" checkbox is selected in the popup.

Create a new Client secret and copy it into Visla’s OIDC setup panel, within the Secret input. Don't turn on “Enable Single Sign-On” just yet, we still need to get the Client ID and Issuer URL for your application.

*Warning: You will need to generate a new client secret before it expires!

To complete your configuration, you need two more pieces of information. You can find both in the application's Overview section.

Your Visla OIDC configuration should now look similar to the example below. Turn on Enable Single Sign-On to activate SSO.