Setting up Single Sign-On with Azure AD

To enable and configure the Microsoft Azure AD (Active Directory) Single Sign-On (SSO) feature available on Enterprise and Enterprise Premier plans, you will need three things:

  1. A plan that supports the Azure AD SSO feature
  2. Administrator access to your site
  3. Administrator access to your Azure portal

Adding in Azure AD

After logging in to your Azure portal as an administrator, navigate to Azure Active Directory > App registrations and click the New registration button.

In the registration form, enter in the Name field, and enter the following URL in the Redirect URI field:

Click the Register button to complete the registration.

Next, copy both the Application (client) ID and Directory (tenant) ID by clicking the copy icon that appears when hovering your cursor over them, and make a note of these by pasting them into a text/document editor.

Next, to generate a client secret, click Certificates & secrets, and click the New client secret button.

In the dialog that appears, enter a Description and select the Expires option according to your preference.

Click the Add button to generate your client secret. Then use the copy icon next to the generated secret to copy it, and make a note of it along with your previously copied client and tenant IDs.

Adding Azure AD in

After logging in to your account as an administrator, navigate to Settings > Security > SSO Providers, and click the Add provider button. Click to select the Microsoft provider.

In the Add provider form:

  • Paste your Directory (tenant) ID copied from Azure into the Tenant ID field.
  • Paste your Application (client) ID copied from Azure into the Client ID field.
  • Paste your Client secret copied from Azure into the Client Secret field.

Lastly, click the Save button to apply the change.

The Azure SSO method will now be available when assigning an authentication method for a user in, and the Sign in with Microsoft button will be displayed on your site’s login page.
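The following is an added example, not part of the original page or of the product's own code: a Python pre-flight check for the three values copied from Azure, run before they are pasted into the Add provider form. It assumes the tenant and client IDs are GUIDs and that the expiry date is the one chosen under Expires; the function name, the 30-day warning window and all sample values are constructed for illustration.

```python
import re
from datetime import date

# Directory (tenant) ID and Application (client) ID are GUIDs.
GUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

def check_sso_values(tenant_id, client_id, client_secret,
                     secret_expires, today, warn_days=30):
    """Hypothetical helper: return a list of problems (empty = looks sane)."""
    problems = []
    for name, value in (("tenant_id", tenant_id), ("client_id", client_id)):
        if not GUID_RE.fullmatch(value):
            problems.append(f"{name} is not a GUID")
    if GUID_RE.fullmatch(tenant_id) and tenant_id.lower() == client_id.lower():
        problems.append("tenant_id and client_id are the same value")
    if not client_secret.strip():
        problems.append("client_secret is empty")
    elif client_secret != client_secret.strip():
        problems.append("client_secret has surrounding whitespace")
    elif GUID_RE.fullmatch(client_secret):
        # The portal lists a GUID "Secret ID" beside the secret value;
        # the ID is not the credential.
        problems.append("client_secret looks like a GUID (Secret ID?)")
    days_left = (secret_expires - today).days
    if days_left < 0:
        problems.append("client_secret has expired")
    elif days_left <= warn_days:
        problems.append(f"client_secret expires in {days_left} days")
    return problems

# Constructed sample values, not real identifiers or credentials.
TENANT = "11111111-2222-3333-4444-555555555555"
CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SECRET = "constructed-example-secret-value"

if __name__ == "__main__":
    today = date(2025, 6, 1)
    print(check_sso_values(TENANT, CLIENT, SECRET, date(2026, 6, 1), today))
    print(check_sso_values(TENANT, TENANT, CLIENT + " ", date(2025, 6, 10), today))
```

Running the same check on a schedule against the recorded expiry date gives advance notice to generate and save a new client secret before the current one lapses.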