SSO Settings
TenantWise supports Single Sign-On (SSO) using Microsoft Entra ID, allowing administrators to sign in with their Microsoft account instead of a password.
From the 'Settings' section of the TenantWise Dashboard you can configure your SSO settings.
SSO is available for administrator accounts only. Customer accounts continue to use standard email and password authentication.
Enabling SSO
To enable SSO, tick the 'Enable SSO' checkbox and save your changes. Once enabled, administrators with SSO-enabled accounts will be prompted to sign in with Microsoft Entra ID.
Before enabling SSO, ensure you have completed the setup steps in SSO Setup. Enabling SSO without a valid configuration will prevent SSO administrators from signing in.
Azure App Registration
The SSO settings page displays a redirect URI that is required during the setup process. Use the copy button to copy this URI to your clipboard when configuring your Azure App Registration.
You will need to enter the following values from your Azure App Registration:
Tenant ID (Directory ID) - The Directory (tenant) ID from your Azure App Registration.
Client ID (Application ID) - The Application (client) ID from your Azure App Registration.
Client Secret - A client secret generated from your Azure App Registration.
The client secret is encrypted and never displayed after saving. When updating other settings, leave the client secret field blank to keep the existing value.
Domain Restrictions
You can optionally restrict SSO to specific email domains by entering a comma-separated list of domains in the 'Allowed Domains' field, for example example.com, company.org.
When domain restrictions are set, only administrators with an email address matching one of the allowed domains will be able to sign in using SSO. Leave this field blank to allow all domains.
SSO-Only Administrators
When creating a new administrator, you can tick the 'SSO Only (Microsoft login)' checkbox to create an account that can only sign in using Microsoft Entra ID. SSO-only administrators will not receive a password reset email and will not be able to sign in with a password.
Existing administrators can be identified by their authentication method in the administrators list, where a badge indicates whether they use 'SSO' or 'Password' authentication.
How SSO Login Works
When an administrator enters their email address on the login page, TenantWise checks whether SSO is enabled for their account. If SSO is enabled, the password field is hidden and replaced with a 'Sign in with Entra ID' button. Clicking this button redirects the administrator to Microsoft to complete authentication before returning them to TenantWise.
If SSO is not enabled for an administrator's account, the standard email and password login is displayed.
Last updated