Configure Microsoft Entra ID for Lasernet Core User Authentication

Applies to: Lasernet Core 11

To enable Lasernet Core to authenticate users against Microsoft Entra ID, you must configure an app registration.

Create a Microsoft Entra ID App Registration

Follow these steps:

  1. Log in to the Azure Portal.

  2. Navigate to Microsoft Entra ID.

  3. Click Add and then select App registration in the dropdown menu.

  4. Enter a Name. The Name is shown to users if they log in to Azure.


  5. Select Accounts in this organizational directory only.

  6. Enter a Redirect URI. The Redirect URI must be set to https://<FQDN-of-Lasernet-Core-Server>/lasernet/auth (substitute your own value for <FQDN-of-Lasernet-Core-Server>). If Lasernet Config Server is running on a port other than 443, modify the Redirect URI accordingly (for example: https://lasernet.mydomain.com:33443/lasernet/auth).

  7. Click Register.

Configure Authentication Settings

Follow these steps:

  1. After creating the app registration, navigate to the Authentication page in the left-side menu.

  2. Select the ID tokens checkbox.

  3. Optional: Add additional Redirect URIs to the list if required.

  4. Click Save.

Note

Add a Redirect URI for each FQDN you use to access Lasernet Core (including localhost).

Configure App Roles

Microsoft Entra ID users are granted access to Lasernet Core through their membership of app roles. These roles will determine a user’s permissions in Lasernet Core.

Lasernet Core includes a built-in “external role” for administrative access called Admin.Global. You must create a corresponding app role in Entra ID, which you will assign to the appropriate Entra ID users. Entra ID users who have this app role will be given the Admin.Global external role by Lasernet Config Server, which will grant them administrator-level access when they sign in to Lasernet Core.

  1. On the app registration’s Entra ID page, click the App Roles tab.

  2. Click Create app role.

  3. In the Display Name box, enter Global Administrators (or similar).


  4. For Allowed member types, click Users/Groups.

  5. In the Value box, enter Admin.Global

  6. In Description, enter Global administrators will have full access to Lasernet Core (or similar).

  7. Click Apply.

Note

You can create and configure additional app roles if necessary.

Configure the Lasernet Core Enterprise Application

Follow these steps:

  1. Navigate to Microsoft Entra ID.

  2. Click the Enterprise applications tab.

  3. Search for the Lasernet Core enterprise application (using the name you provided when creating the app registration).

  4. Select the Lasernet Core enterprise application in the search results.

  5. Click Properties in the left-side menu.

  6. Set User assignment required to Yes.

  7. Click Save.
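
The settings from the sections above can be checked offline against exported JSON. The following Python is an added example, not Lasernet or Microsoft code; it assumes the app registration and the enterprise application are available as JSON shaped like the Microsoft Graph application and servicePrincipal resources, and audit_registration and the sample objects are hypothetical names constructed for illustration.

```python
from urllib.parse import urlsplit

REQUIRED_ROLE = "Admin.Global"    # app role Value from this page
REDIRECT_PATH = "/lasernet/auth"  # redirect path from this page

def audit_registration(app: dict, sp: dict) -> list[str]:
    """Hypothetical helper: list settings that differ from this page's steps."""
    findings = []
    # "Accounts in this organizational directory only" is single-tenant.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("signInAudience is not AzureADMyOrg (single tenant)")
    web = app.get("web") or {}
    uris = web.get("redirectUris") or []
    if not uris:
        findings.append("no redirect URI registered")
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme != "https" or parts.path != REDIRECT_PATH:
            findings.append(f"unexpected redirect URI: {uri}")
    # The "ID tokens" checkbox on the Authentication page.
    implicit = web.get("implicitGrantSettings") or {}
    if not implicit.get("enableIdTokenIssuance"):
        findings.append("ID token issuance is disabled")
    # App role with Value Admin.Global, assignable to Users/Groups.
    role = next((r for r in app.get("appRoles") or []
                 if r.get("value") == REQUIRED_ROLE), None)
    if role is None:
        findings.append(f"app role {REQUIRED_ROLE} is missing")
    elif not role.get("isEnabled") or "User" not in role.get("allowedMemberTypes", []):
        findings.append(f"app role {REQUIRED_ROLE} is disabled or not user-assignable")
    # "User assignment required" on the enterprise application.
    if not sp.get("appRoleAssignmentRequired"):
        findings.append("user assignment is not required for this application")
    return findings

# Constructed sample objects, not real tenant data.
GOOD_APP = {
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": ["https://lasernet.mydomain.com:33443/lasernet/auth"],
            "implicitGrantSettings": {"enableIdTokenIssuance": True}},
    "appRoles": [{"value": "Admin.Global", "isEnabled": True,
                  "allowedMemberTypes": ["User"]}],
}
WEAK_APP = {**GOOD_APP, "signInAudience": "AzureADMultipleOrgs",
            "web": {"redirectUris": ["http://lasernet.mydomain.com/lasernet/auth"]}}

if __name__ == "__main__":
    for finding in audit_registration(WEAK_APP, {"appRoleAssignmentRequired": False}):
        print("FINDING:", finding)
```

An empty result means the exported objects match the values given in these steps; each finding names the setting to revisit in the Azure Portal.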

Assign Users and Groups to the Admin.Global App Role

To enable users to access Lasernet Core, use Microsoft Entra ID to assign one or more users or groups to the administrative role.

User assignment is done through Azure Portal > Microsoft Entra ID > Enterprise Applications.

  1. Navigate to Microsoft Entra ID.

  2. Click the Enterprise applications tab.

  3. Search for the Lasernet Core enterprise application (using the name you provided when creating the app registration).

  4. Select the enterprise application in the search results.

  5. Click Manage > Users and groups in the left-side menu.

  6. Click Add user/group.

  7. Select a user or group.

  8. If the user isn’t assigned the Global administrators role, you must select it manually.

    Note

    If no other app roles are configured, the role assignment will default to Global administrators.

  9. Click Assign.

  10. On the Security > Permissions page, click Grant admin consent. This step enables the users that you assigned to the enterprise application to access Lasernet Core without requiring further administrator approval.


Collect the Information Required to Configure Lasernet Core

In order to configure Lasernet Core for Microsoft Entra ID authentication, you must collect some information about the app registration that you created.

  1. Navigate to Microsoft Entra ID.

  2. Click the App registrations tab.

  3. Search for the Lasernet Core app registration using the name you provided when creating the app registration.

  4. Select the app registration in the search results.

  5. On the Overview pane, copy the Application (client) ID value and make a note of it for later use.

  6. Click the Endpoints tab.

  7. Copy the OpenID Connect Metadata document endpoint value and store it for later.

Next Steps

The next part of the process is to configure external authentication for Lasernet Config Server.
