Microsoft OIDC Setup June 8, 2025 7 min read

Microsoft Entra ID SSO for Thinkific: a setup guide

Configure Microsoft Entra ID (formerly Azure AD) as an OIDC identity provider for your Thinkific site.

Microsoft Entra ID is the default identity platform for many organisations already using Microsoft 365. Because Entra ID supports both SAML and OIDC, this guide focuses on the OIDC path, which tends to be faster to configure and maintain.

Prerequisites

  • Global Administrator or Application Administrator access in Entra ID.
  • Your WooNinja SSO OIDC callback URL and client configuration screen.
  • A Thinkific site with WooNinja SSO installed.

Step 1: Register an application in Entra ID

  1. Open the Microsoft Entra admin center and go to Applications > App registrations.
  2. Click New registration.
  3. Enter a name such as "Thinkific SSO".
  4. Under Supported account types, choose Accounts in this organisational directory only.
  5. Add the WooNinja SSO redirect URI as a Web platform URL.
  6. Click Register.

Step 2: Collect credentials

From the app registration overview page, copy:

  • Application (client) ID
  • Directory (tenant) ID

Then go to Certificates & secrets and create a new client secret. Copy the secret value immediately, as it is only shown once.

Step 3: Configure OIDC in WooNinja SSO

In WooNinja SSO, create a new OIDC connection and enter:

  • Issuer: https://login.microsoftonline.com/{tenant-id}/v2.0
  • Client ID: the application ID from Entra ID.
  • Client Secret: the secret you just created.
  • Scopes: openid profile email.

Save the connection and note any errors in the WooNinja SSO logs.

Step 4: Map claims

Entra ID returns standard claims such as email, given_name, and family_name. WooNinja SSO maps these automatically to Thinkific user fields. If you need custom attributes, expose them through optional claims in Entra ID and add the corresponding mapping in WooNinja SSO.

Step 5: Test and assign users

In Entra ID, go to Enterprise applications, select the new app, and assign a test user. Then attempt a login from Thinkific. The test user should be created or matched and signed in.

Switching to SAML instead

If your security team prefers SAML, the steps are similar but use the Enterprise application SAML-based sign-on option instead of an OIDC app registration. WooNinja SSO supports both.

For assistance with conditional access policies or hybrid Entra AD deployments, reach out to WooNinja support.

Written by WooNinja Team
Back to blog

Related articles