How to implement the single sign-on in web application

RajKumar Kannan 120 Reputation points
2026-02-06T12:44:15.3266667+00:00

I am implementing Microsoft Single Sign-On (SSO) in my Cloud FinOps web application using a Service Principal by registering it as a Single Page Application (SPA) with a redirect URL. I want users to log in without using a client secret or certificate. I need guidance on how to implement this authentication flow in my web app, how to configure it correctly in the Azure Portal, and whether there are alternative approaches for achieving Microsoft SSO without client credentials.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Answer accepted by question author
  1. Rukmini 29,625 Reputation points Microsoft External Staff Moderator
    2026-02-06T13:02:06.28+00:00

    Hello RajKumar Kannan,

    Microsoft SSO may be integrated into your Cloud FinOps SPA without the need for a client secret or certificate. The Microsoft identity platform requires SPAs to handle their apps as public clients, and interactive user-based flows, such as the OAuth 2.0 authorization code flow using PKCE, are the best method for user authentication. Client secrets and certificates belong to private clients like server apps or daemons, thus you don't need (and shouldn't use) them in a browser-based SPA.

    In order for your SPA to sign a user in:

    • The user is redirected to the /authorize endpoint of Azure AD by the browser application. Azure AD asks the user to consent and sign in if necessary.
    • Your SPA receives an authorization code from Azure AD. Without a client secret, the SPA (using MSAL.js + PKCE) trades that code for an ID token and may also obtain access tokens.

    In addition to allowing your app to use APIs (such as Microsoft Graph or your own backend) on the user's behalf, this interactive flow verifies the user's identity (SSO).

    And client credentials is not suitable for your scenario, as it's only for service-to-service authentication.

    Microsoft identity platform and OAuth 2.0 authorization code flow - Microsoft identity platform | Microsoft Learn

    Single-page app sign-in & sign-out code - Microsoft identity platform | Microsoft Learn

    Let me know if you have any further queries - feel free to reach out!

    Otherwise, we can connect offline to troubleshoot the issue. Please share details over private message.

    1 person found this answer helpful.
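
The flow described in the answer above, as an added example that is not part of the original answer and is not MSAL.js code: it shows the PKCE values a public client generates, the `/authorize` URL, and the `/token` request that carries a `code_verifier` instead of a client secret. The tenant ID, client ID and redirect URI are constructed placeholders, the function names are hypothetical, and Node's `crypto` module stands in for the browser's Web Crypto so the block runs offline.

```javascript
const { createHash, randomBytes } = require("node:crypto");

// Constructed placeholders: substitute your own app registration's values.
const TENANT = "00000000-0000-0000-0000-000000000000";
const CLIENT_ID = "11111111-1111-1111-1111-111111111111";
const REDIRECT_URI = "http://localhost:3000/auth/callback";
const AUTHORITY = `https://login.microsoftonline.com/${TENANT}/oauth2/v2.0`;

const b64url = (buf) => buf.toString("base64url");

// RFC 7636 S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function challengeFor(verifier) {
  return b64url(createHash("sha256").update(verifier, "ascii").digest());
}

// Step 1: create the per-login verifier and state, then build the /authorize URL.
// The verifier never leaves the client until the token request.
function beginSignIn(scopes = ["openid", "profile"]) {
  const verifier = b64url(randomBytes(32)); // 43 URL-safe characters
  const state = b64url(randomBytes(16));    // binds the response to this request
  const url = new URL(`${AUTHORITY}/authorize`);
  url.search = new URLSearchParams({
    client_id: CLIENT_ID,
    response_type: "code",
    redirect_uri: REDIRECT_URI,
    scope: scopes.join(" "),
    state,
    code_challenge: challengeFor(verifier),
    code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), verifier, state };
}

// Step 2: on the redirect back, reject a mismatched state, then build the
// /token form body. Note there is no client_secret field anywhere.
function buildTokenRequest(redirectedTo, pending) {
  const params = new URL(redirectedTo).searchParams;
  if (params.get("error")) throw new Error(`sign-in failed: ${params.get("error")}`);
  if (params.get("state") !== pending.state) throw new Error("state mismatch");
  const code = params.get("code");
  if (!code) throw new Error("no authorization code in redirect");
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    client_id: CLIENT_ID,
    code,
    redirect_uri: REDIRECT_URI,
    code_verifier: pending.verifier,
  });
  return { endpoint: `${AUTHORITY}/token`, body };
}
```

In a real SPA, MSAL.js performs these steps for you; the block only makes visible why no secret is needed: the token endpoint accepts the code only from the client that can present the matching `code_verifier`.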