SSO Setup

This guide walks you through setting up Microsoft Entra ID Single Sign-On for your TenantWise instance. You will need access to both the TenantWise admin console and the Microsoft Azure Portal.

TenantWise uses OAuth 2.0 with PKCE (Proof Key for Code Exchange) for secure authentication with Microsoft Entra ID.

Prerequisites

  • A Microsoft Azure account with permission to create App Registrations in Microsoft Entra ID.

  • Administrator access to the TenantWise admin console.

Step 1 - Create an App Registration

  1. Go to the Azure Portal and navigate to Microsoft Entra ID > App registrations.

  2. Click New registration.

  3. Enter a name for the application, for example TenantWise SSO.

  4. Under 'Supported account types', select Accounts in this organizational directory only.

  5. Click Register.

Step 2 - Copy the Application and Directory IDs

  1. From the App Registration overview page, copy the Application (client) ID.

  2. Copy the Directory (tenant) ID.

  3. In the TenantWise admin console, navigate to Settings > SSO Settings and enter these values in the Client ID and Tenant ID fields.

Step 3 - Create a Client Secret

  1. In your App Registration, navigate to Certificates & secrets.

  2. Click New client secret.

  3. Enter a description and select an expiry period.

  4. Click Add and copy the secret value immediately.

  5. In the TenantWise admin console, enter the secret value in the Client Secret field.

Step 4 - Add the Redirect URI

  1. In your App Registration, navigate to Authentication.

  2. Click Add a platform and select Web.

  3. In the TenantWise admin console, copy the redirect URI displayed on the SSO Settings page using the copy button.

  4. Paste this URI into the Redirect URI field in Azure.

  5. Click Configure.

Step 5 - Enable ID Tokens

  1. In the Authentication section of your App Registration, under 'Implicit grant and hybrid flows', tick ID tokens.

  2. Click Save.

Step 6 - Add API Permissions

  1. In your App Registration, navigate to API permissions.

  2. Click Add a permission and select Microsoft Graph.

  3. Select Delegated permissions.

  4. Add the following permissions:

    • openid

    • profile

    • email

  5. Click Add permissions.

Step 7 - Enable SSO in TenantWise

  1. In the TenantWise admin console, navigate to Settings > SSO Settings.

  2. Tick the Enable SSO checkbox.

  3. Optionally, enter allowed domains to restrict SSO to specific email domains.

  4. Click Save.

After completing setup, you can create SSO-only administrator accounts from the User Management section. See SSO Settings for more information.
