Microsoft Entra ID OAuth Setup

Get your redirect URL from Inklass

In Inklass (myschool.inklass.education):

1. Go to Apps → Authentication
2. Copy the redirect URL

Keep this tab open.

Create app in Microsoft Entra

Sign in to Microsoft Entra admin center :

1. Go to Entra ID → App registrations → New registration
2. Name: Schoolbox Mobile OAuth
3. Accounts: Accounts in this organizational directory only
4. Redirect URI: Platform Web, paste your Inklass redirect URL from step #1
5. Click Register

Copy your credentials

From the Overview page, save:

• Application (client) ID
• Tenant ID

Add token claim

In Token Configuration tab:

1. Add optional claim → Token type ID → Select UPN → Add

Create client secret

In Certificates & secrets tab:

1. New client secret → Expiry 24 months → Add
2. Copy the secret value immediately (can’t view again!)

Grant permissions

In API permissions tab:

1. Grant admin consent for [Your Organization] → Confirm

This prevents a double consent screen for every user that logs into the app.

Add credentials to Inklass

Back in Inklass → Apps → Authentication:

• Enter Tenant ID and Client ID
• Send Client Secret value to support@inklass.com.au, preferably using a onetimesecret service like https://onetimesecret.com/ 

Configure Schoolbox

In Schoolbox → Administration → System Settings → OAuth Provider Configuration:

1. Identity Provider URL: https://login.microsoftonline.com/{tenant-id} (use your Tenant ID from step #3)
2. OAuth Client ID: Your Application (client) ID from step #3
3. OAuth Client Secret: Your client secret
4. OAuth Identifying Claims: preferred_username,upn
5. Optional: Response Type code, Scopes profile openid email
6. Save

Test it

Congratulations! You’re now ready to test logging into your app. 🎉