Developer Docs - Mobile Docs - Using Entra
Provide Microsoft Entra ID (formerly Azure AD) as an authentication provider in your Rock Mobile application.
M v6.0 C v16.3
What is Microsoft Entra
Microsoft Entra ID is a cloud-based identity and access management service, typically used by organizations to manage staff and workforce identities. It handles authentication, authorization and related security controls at scale.
Setup
Follow these steps to configure Entra as a login provider for Rock Mobile.
1. Registering The App
a. In the Entra admin portal, navigate to Applications > App registrations > New registration.
b. Fill in the Register an application screen using the guidance below.
Name
Provide a name for your Rock Mobile app registration. The name is only a label in the Entra portal; nothing in Rock depends on it.
Supported Account Types
Choose this based on who should be able to sign in. If Entra login is limited to your staff, Accounts in this organizational directory only (single tenant) is usually the right choice. The broader options allow users from other Entra tenants or personal Microsoft accounts to authenticate, so select them only if that is intended.
Redirect URI
The Redirect URI is based on the BundleId/PackageName of your shell, which App Factory provides when they create it. If you are unable to locate it, reach out to the App Factory Team. Register only the exact URI the shell uses; extra or loosely matched redirect URIs let tokens be delivered somewhere other than your app.
Ensure that the type of Redirect URI is set to Public client/native (mobile & desktop).
2. Add Necessary Permissions
The app registration needs permission to read the profile data of the user who has just authenticated.
a. Navigate to your newly created app registration, then to API permissions > Add a permission.
b. Select Microsoft Graph. Add delegated (not application) permissions, and only those needed to read the signed-in user's profile.
3. Add Optional Claims
Rock requires a first name, last name and either a valid phone number or email address to process an external authentication. Make sure those data points are always returned by Entra.
Out of the box, Entra does not include the authenticated person's first and last name in the token the shell receives. Rock needs them to match the login to an existing Person (or create a new one), so they must be added as optional claims.
a. Under your newly created app registration, navigate to Token configuration > Add optional claim and select the given_name and family_name claims. Add email as well if your tenant does not already return an address.
4. Configuring Rock Mobile
a. Jump into your Rock Mobile application (CMS Configuration > Mobile Applications > Your application > Edit).
b. In the Authentication Settings section, configure the Microsoft Entra settings.
Entra Client ID & Entra Tenant ID
Both values are shown on the Overview page of your Entra app registration, as Application (client) ID and Directory (tenant) ID.
Microsoft Entra Authentication Provider
Select the same authentication provider that provides Entra login on your Rock website. In almost all cases this component is either the Triumph Tech Azure AD Sync & SSO plugin or the BEMA Single Sign On plugin.
c. Configure the Login block to offer Entra as an SSO option.
Supported Claims
The following identity claims are supported and can be used to supply additional information about a Rock Person. Since Entra configurations vary, several alternative claim keys are recognized and translated to the same Rock field.
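Before wiring Entra into Rock, it is worth confirming that your tenant's tokens actually carry the data Rock needs (step 3 above) and seeing how alternative claim keys fold into one field (this section). The script below is an added example written for this page; it is not Rock Mobile code, and the claim-name fallbacks in CLAIM_CANDIDATES are illustrative assumptions, not Rock's real mapping table. It decodes a JWT payload without checking the signature, so use it only to inspect what Entra emits during setup, never to authenticate anyone. The two tokens are constructed inline (unsigned, alg "none") to mimic a tenant before and after the optional claims are added.

```python
"""Inspect an Entra ID token for the claims Rock needs before enabling SSO.

Added example, not part of Rock Mobile. The payload is decoded WITHOUT
signature verification: fine for checking what your tenant emits, never
for trusting claims. CLAIM_CANDIDATES is an assumed fallback list.
"""
import base64
import json
from typing import Optional

# Candidate claim names per Rock field, in order of preference.
# (Assumption for illustration; Rock's recognised keys are documented above.)
CLAIM_CANDIDATES = {
    "first_name": ("given_name", "givenname"),
    "last_name": ("family_name", "surname"),
    "email": ("email", "preferred_username", "upn"),
    "phone": ("phone_number", "mobilephone"),
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit '=' padding; restore it before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def decode_jwt_payload(token: str) -> dict:
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def _pick(claims: dict, names) -> Optional[str]:
    # First non-empty string value among the candidate claim names wins.
    for name in names:
        value = claims.get(name)
        if isinstance(value, str) and value.strip():
            return value
    return None


def extract_person_fields(claims: dict) -> dict:
    """Map raw token claims onto the fields Rock uses to match a Person."""
    return {field: _pick(claims, names) for field, names in CLAIM_CANDIDATES.items()}


def missing_requirements(claims: dict) -> list:
    """Report what Rock would lack: first name, last name, and email or phone."""
    fields = extract_person_fields(claims)
    missing = [f for f in ("first_name", "last_name") if not fields[f]]
    if not (fields["email"] or fields["phone"]):
        missing.append("email_or_phone")
    return missing


def make_unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned JWT (alg 'none') for offline testing."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


# Constructed samples (fake audience and user) for the two tenant states.
TOKEN_DEFAULT = make_unsigned_token({
    "aud": "00000000-0000-0000-0000-000000000000",
    "name": "Ted Decker",
    "preferred_username": "ted@example.org",
})
TOKEN_WITH_CLAIMS = make_unsigned_token({
    "aud": "00000000-0000-0000-0000-000000000000",
    "name": "Ted Decker",
    "given_name": "Ted",
    "family_name": "Decker",
    "preferred_username": "ted@example.org",
})

if __name__ == "__main__":
    for label, tok in (("default", TOKEN_DEFAULT), ("with optional claims", TOKEN_WITH_CLAIMS)):
        print(label, "->", missing_requirements(decode_jwt_payload(tok)) or "OK")
```

Paste a real token captured during a test login in place of the constructed ones to see exactly which fields your tenant returns. Note that preferred_username is not guaranteed to be a deliverable mailbox (it is often the UPN), so if Rock should match on a verified address, add the email optional claim rather than relying on the fallback.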