- Prepare application
- Setup SSO
- Setup SCIM provisioning
How to prepare the application
- Go to https://entra.microsoft.com/ and log in to your account.
- Create Enterprise application:

- Click “Create your own application”
- Enter name of your application
- Select “Integrate any other application you don’t find in the gallery (Non-gallery)”
- Click “Create”

How to set up SSO
- Go to https://brightdata.com and log in to your account.
- Choose Settings->Account settings->Passwords & authentication in left side menu and toggle Microsoft Entra ID (Azur AD) switch

- From “App registrations” view select your application.
- Copy “Application (client) ID” to “Client ID”
- Copy “Directory (tenant) ID” to “OAuth2 issuer (tenant)”
- Go to “Add a certificate or secret”

- At secrets screen click “New client secret”
- Fill Description
- Click “Add”

- Once secret is created copy secret value to “Client secret”.
- Copy “Sign-in redirect URI” to be used at next step

- At “Authentication” screen click “Add platform” and select “Web”

- Paste previously copied “Sign-in redirect URI” to the “Redirect URIs” and save settings by clicking “Configure”:

- Activate EntraID integration at BrighData control panel and test login:

Setup SCIM provisioning
- Copy “Auth token” from SCIM section of BrightData EntraID settings:

- Select your application from “Enterprise Applications” view and go to “Provisioning” settings:

- Select “Provisioning” under “Manage” menu:

- Select “Automatic” Provisioning Mode
- Fill “Tenant URL” with https://brightdata.com/users/auth/scim value
- Fill “Secret Token” with previously copied value from BrightData control panel settings
- Test Connection. You should see successful message in top right corner Save Settings

- Return to “Overview” tab and click “Start provisioning”.
- You can test provisioning at “Provision on demand” page, but first assign your users to BrightData application at “Users and groups” page:

Troubleshooting
What should a user do if they are not receiving a password reset email?
What should a user do if they are not receiving a password reset email?
If your organization has enabled enforced Entra SSO, password reset emails are not sent, because password-based authentication is disabled on accounts with enforced SSO.To sign in:
- Go to the Bright Data sign-in page.
- Enter the user’s email address.
- The user will be automatically redirected to the Microsoft Entra sign-in page.
- After a successful Entra sign-in, the user is redirected back to Bright Data.
Why is a user redirected to a Microsoft login page they do not recognize?
Why is a user redirected to a Microsoft login page they do not recognize?
This is expected behavior when Entra SSO is enforced. The Bright Data login page detects the email domain associated with your organization’s Entra tenant and redirects the user to your configured Microsoft Entra sign-in page.