This article applies as of PRTG 23.x.88


I want to use Microsoft Entra ID (previously Azure Active Directory or Azure AD) as SSO provider for PRTG Hosted Monitor. How can I do this? 

Important notice: The following article only applies to Paessler PRTG Hosted Monitor. It does not apply to PRTG Network Monitor.

How to integrate Microsoft Entra ID into PRTG Hosted Monitor

As of PRTG 23.x.88, you can use Microsoft Entra ID as single sign-on (SSO) provider in PRTG Hosted Monitor. For the integration to work seamlessly, follow the steps in this article.

Follow these steps to configure Microsoft Entra ID to work as SSO provider in PRTG Hosted Monitor.

Step 1: Register your app

  • Log in to the Azure Portal under https://portal.azure.com.
  • Select  Microsoft Entra ID under Azure services.
  • Go to the App registrations tab.
    Add new registration
  • Click the New registrationbutton.
    • Enter a name, for example, Test.
    • Select Accounts in this organizational directory only.
    • Enter the redirect URI as https://auth.my-prtg.com/login/callback
      Register app
    • Click the Register button to register the new app.
  • Select the newly registered app Test.
  • Copy the Application (client) ID.
    Note: You will need these later to configure PRTG.

Step 2: Create a client secret

  • Go to the Certificates & secrets tab.Certificates & secrets
  • Click the New client secret button.Add secret
  • Enter a Description, for example, Test.
  • Enter the period after which the client secret expires.
  • Click the Add button to save the client secret.
  • Copy and save the newly created value from the Value section as shown below: Copy Value
Important notice: Make sure to note the client secret value now because it will not be visible again and you will need it when you configure PRTG.

Step 3: Connect your PRTG instance to Microsoft Entra ID

  • Now open the PRTG Hosted Monitor Login page.
  • Go to Select your PRTG subscription.Select your subscription
  • Now take the Application (client) ID and the Client Secret and paste it in the form. Also enter the Microsoft Entra ID Domain (aka 'Primary Domain' shown in the overview page of your Entra ID tenant) and your Email domain. PRTG Hosted Monitor supports multiple email domains as comma-separated entries as long as they are under the same tenant.
  • Confirm by clicking on Create.
  • Now PRTG will restart and prepare to use authentication from Microsoft Entra ID.instance ready
  • When opening your instance, the normal login page will appear.
  • Enter your credentials and the login page will automatically detect, based on your entered email domain, that you want to authenticate with Microsoft Entra ID. This is also indicated by it displaying SINGLE SIGN-ON ENABLED. sign on enabled
  • The login page will redirect you to your corporate login.
  • You have now successfully integrated Microsoft Entra ID as SSO provider in PRTG.

Step 4: Invite Entra ID users

  • You can now invite other users from your active directory into PRTG Hosted Monitor.
  • Click the Setup button on your PRTG instance.Set up
  • Select User Accounts.User Accounts
  • Click on Invite User.Invite User
  • Fill in the details, set Federated Directory User as Login Type and click Send Invite.Send Invite


What happens to already invited users?

Let's assume, that you have configured a Microsoft Entra ID integration for the email domain mycompany.com for your PPHM instance.

All existing accounts that have an '@mycompany.com' email address, will be switched automatically to Microsoft Entra ID authentication flow, when entering their email address next time in the login form. These accounts will  only be able to log in through the Microsoft Entra ID authentication flow.

All invited users that do NOT have a mycompany.com email address, will be using the default authentication flow with the email address and password.

Error Handling

1. Incorrect Application ID.

If the user has used an invalid application ID , the following message is shown. The user must use the correct application ID connected to the Paessler Entra ID tenant.

Invalid application id

2. CANNOT READ PROPERTY 'INDEXOF' OF UNDEFINED.

Email Address

This error occurs when the user tries to authenticate with Entra ID credentials that has no associated email address. To avoid this, an associated email address should be entered in the Contact Information section on their Entra ID portal.

Error_2Click to enlarge

3. FAILED TO OBTAIN ACCESS TOKEN.

This error can occur if the user enters the wrong client secret or if the client secret has expired.

ErrorClick to enlarge

Wrong Client Secret

The user has copied the secret ID from the Microsoft Entra ID portal instead of the value that contains the secret.

ValueClick to enlarge

Expired Client Secret

The client secret has an expiration date. This is configured when the user is creating a client secret. We recommend that the user configures the expiration date to avoid errors.

ExpirationClick to enlarge

ConfigureConfigure