Silent login for the Windows desktop client

Integrating the s.GUARD desktop client with Entra ID

If Microsoft Entra ID is used, the s.GUARD desktop client can be configured for silent login using the Windows primary refresh token (PRT).

In that case, any person who is registered in Entra ID can be logged in to the s.GUARD desktop client with their Windows user, without any user interaction.

This method can be used with both hybrid joined and Entra joined devices.

Configuration on Microsoft Azure

To enable silent login, the following configuration steps must be performed:

  1. Log in to the Microsoft Azure portal and open Entra ID
  2. Go to "Manage -> Enterprise applications"
  3. Click "+ New application" on the top left
  4. Click "+ Create your own application" on the top left
  5. Enter a descriptive name for the newly created application and select "Integrate any other application...". Then click "Create"
  6. Go to "Manage -> Properties" and click the link for "application registration"
  7. Go to "Manage -> API permissions" and click "+ Add a permission"
  8. Select "Microsoft Graph" and click "Delegated permissions"
  9. Select "User -> User.Read" and click "Add permissions"
  10. Click on "Grant admin consent for..." and make sure the green check mark has been set
  11. Go to "Authentication" and click "+ Add a platform"
  12. Select "Mobile and desktop applications"
  13. Add the following custom redirect URLs:
    - ms-appx-web://microsoft.aad.brokerplugin/{client_id}
    - http://localhost:3456/auth_callback
  14. Go back to "Overview" and copy the "Application (client) ID" and "Directory (tenant) ID".
    Send both IDs to s.GUARD support.
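
Before sending the IDs, the registration can be checked against steps 7 to 13. The following is an added example, not s.GUARD code: the function name `audit_app_registration` is hypothetical, and it assumes the registration has been exported as a Microsoft Graph application object (for example the JSON printed by `az ad app show --id <client-id>`). It reports missing or extra redirect URIs and any permission beyond delegated `User.Read`.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
USER_READ_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # delegated User.Read
LOOPBACK_URI = "http://localhost:3456/auth_callback"   # from step 13

def audit_app_registration(app: dict) -> list[str]:
    """Return deviations from steps 7-13; an empty list means the config matches."""
    findings = []
    broker_uri = f"ms-appx-web://microsoft.aad.brokerplugin/{app.get('appId', '')}"
    expected = {broker_uri, LOOPBACK_URI}
    actual = set((app.get("publicClient") or {}).get("redirectUris", []))
    for uri in sorted(expected - actual):
        findings.append(f"missing redirect URI: {uri}")
    for uri in sorted(actual - expected):
        findings.append(f"unexpected redirect URI: {uri}")
    # The procedure only adds the "Mobile and desktop applications" platform.
    for platform in ("web", "spa"):
        for uri in (app.get(platform) or {}).get("redirectUris", []):
            findings.append(f"unexpected {platform} redirect URI: {uri}")
    requested = {(r.get("resourceAppId"), p.get("id"), p.get("type"))
                 for r in app.get("requiredResourceAccess", [])
                 for p in r.get("resourceAccess", [])}
    wanted = (GRAPH_APP_ID, USER_READ_ID, "Scope")  # "Scope" = delegated
    if wanted not in requested:
        findings.append("delegated Microsoft Graph User.Read is not requested")
    for res, perm, kind in sorted(requested - {wanted}, key=str):
        findings.append(f"extra permission: {kind} {perm} on resource {res}")
    return findings

# Constructed sample (not a real tenant): one stray redirect URI and one
# application permission (type "Role") that the procedure never asks for.
SAMPLE = json.loads("""{
  "appId": "11111111-2222-3333-4444-555555555555",
  "publicClient": {"redirectUris": [
    "ms-appx-web://microsoft.aad.brokerplugin/11111111-2222-3333-4444-555555555555",
    "http://localhost:3456/auth_callback",
    "http://localhost"]},
  "requiredResourceAccess": [{
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [
      {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
      {"id": "aaaaaaaa-0000-0000-0000-000000000001", "type": "Role"}]}]
}""")

if __name__ == "__main__":
    for line in audit_app_registration(SAMPLE) or ["matches the documented steps"]:
        print(line)
```

Admin consent from step 10 is recorded on the enterprise application (service principal), not in this object, so it is not covered by this check.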
