SSO (Single Sign-On) is a method of signing your users into a platform with an existing user base that your organization already has (e.g. Microsoft, Google). Using SSO can ensure a flawless login process for your organization as well as heighten your company's security.
What are the Benefits of Using SSO?
There are many benefits of using a single sign-on service. These include:
Employees can sign on and authenticate via one service.
Adds another layer of security
Adding and removing employees from your organization can be done from your user management tool, such as Active Directory. This enables you to prevent the user from entering Connecteam without needing to remove them from Connecteam.
What are the Prerequisites to Using SSO?
Currently, the prerequisites to using SSO are that you need to be using Microsoft's Azure Active Directory as your single service provider. In Connecteam the capability to integrate with Azure is only available if you are on the Enterprise Plan.
How to Set Up SSO Step-by-Step
To set up SSO, first navigate to your General Settings, under your avatar in the top right corner. Then enter the security settings and toggle on the SSO option.
Note that here you can choose to activate SSO for your users and apply it to your mobile app as well by selecting the "Apply for all users, including mobile app" option. We will go over setting up SSO for the mobile app below; however, you still need to follow these next steps to complete the initial setup.
After that, you will need to follow these steps:
Step 1: Log in to the Azure portal: https://portal.azure.com
Step 2: Navigate to the Azure Active Directory button on the side menu, then select App Registrations and select the New Registration option.
Step 3: Under the Name section, enter a name. This can be Connecteam or any other name you would like to call this registration.
Step 4: Then make sure the Accounts only in this directory option is selected.
Step 5: Under the Redirect URI section, select Web as the platform and paste the URL found in the Connecteam Security app tab. Then select Register at the bottom.
Following this you will be redirected to the app registration screen of the app you just created. To finish setting up the SSO you will need to follow these steps:
Step 1: Copy the Client ID from the registration screen and paste it into the Connecteam Security SSO Settings.
Step 2: Then navigate to certificates and secrets on the left sidebar and select the option to create a new secret.
Step 3: Create a new client secret, decide after how many months you want the secret to expire, and select Add.
A new secret will be generated which you will copy and paste into the Connecteam Security SSO Settings. Please note that the first time you are setting up SSO you will need to copy the client secret immediately or it will be lost!
Once you are finished copying your client secret into the Connecteam Security Settings, be sure to save your changes. That's it: your SSO setup is now complete and you can begin using it to log into your Connecteam account.
Adding SSO for Mobile and Including Users in Your SSO Set-Up
After setting up SSO for your Admin dashboard, you can choose to add SSO to the mobile app and your users by following these extra steps.
Step 1: If you did not initially do so, check the box at the top right corner that says Apply for all users, including mobile app. This will apply SSO to all your employees and the mobile app. Note: if you do not see the option to include the mobile app, please reach out to Connecteam's live support team (at the bottom right corner of your screen).
Step 2: Configure the mobile app redirect URL. Go to the AD App that you created before, enter Authentication on the left sidebar, and click on Add another platform.
Choose Desktop and Mobile applications.
Then copy and paste the Native Redirect URL from the Connecteam Security Settings page into the Custom Redirect URLs input field and select Confirm.
Step 3: Change the app to be multi-tenant. In the app's Authentication tab, scroll down and change the supported account types to "Multitenant".
Step 4: Allow login flows. To do so, click on Manifest in the Microsoft app sidebar, go to line 28 or search for "oauth2AllowIdTokenImplicitFlow", and change it to "true". Then save.
That's it, you are good to go.
💡Tip: SSO can only be set up by owners!
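As an added example (not Connecteam's or Microsoft's code), the Python script below reviews an exported app manifest for the settings the steps above change: supported account types, the ID-token implicit flow, redirect URLs and client secret expiry. The manifest is a constructed sample in the legacy Azure AD manifest format; the function name, IDs, URLs and dates are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample of an exported manifest (legacy Azure AD format).
# IDs, URLs and dates are placeholders, not values from Connecteam.
SAMPLE_MANIFEST = """{
  "appId": "00000000-0000-0000-0000-000000000000",
  "signInAudience": "AzureADMultipleOrgs",
  "oauth2AllowIdTokenImplicitFlow": true,
  "replyUrlsWithType": [
    {"url": "https://sso.example.invalid/callback", "type": "Web"},
    {"url": "exampleapp://auth", "type": "InstalledClient"}
  ],
  "passwordCredentials": [
    {"keyId": "11111111-1111-1111-1111-111111111111",
     "endDate": "2025-03-01T00:00:00Z"}
  ]
}"""

def review_manifest(text, now, warn_days=30):
    """Return (setting, observation) pairs for the settings the guide changes."""
    m = json.loads(text)
    notes = []
    audience = m.get("signInAudience")
    if audience == "AzureADMyOrg":
        notes.append(("signInAudience", "single tenant; mobile step 3 not applied"))
    else:
        notes.append(("signInAudience",
                      f"{audience}; users of other directories can request tokens"))
    implicit = m.get("oauth2AllowIdTokenImplicitFlow") is True
    notes.append(("oauth2AllowIdTokenImplicitFlow",
                  "true; mobile step 4 applied" if implicit
                  else "not true; mobile step 4 not applied"))
    for reply in m.get("replyUrlsWithType", []):
        # Web redirects receive the sign-in response, so they should be https.
        if reply.get("type") == "Web" and not reply["url"].startswith("https://"):
            notes.append(("replyUrl", f"{reply['url']} is a Web redirect without https"))
    for cred in m.get("passwordCredentials", []):
        end = datetime.fromisoformat(cred["endDate"].replace("Z", "+00:00"))
        days = (end - now).days
        state = "expired" if days < 0 else "expires soon" if days <= warn_days else "ok"
        notes.append(("clientSecret", f"{cred['keyId']} {state} ({days} days left)"))
    return notes

if __name__ == "__main__":
    for setting, note in review_manifest(SAMPLE_MANIFEST, datetime.now(timezone.utc)):
        print(f"{setting}: {note}")
```

The manifest JSON to review can be copied from the Manifest view used in Step 4.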
What Does the Login Process Look Like When Integrated with Azure Active Directory?
After setting up SSO, an admin goes to Connecteam to log in. They begin the login process as normal by entering their phone number. Only the first time they log in, they will select the option to log in via email instead of entering the code they receive. Here they will be presented with a screen requesting they accept permissions to use their Microsoft Azure Active Directory account to log in. Upon selecting accept, they will be automatically redirected to Connecteam.
Following the first login, admins will simply enter their phone number and be automatically redirected to their Microsoft Azure account. Once they log in to Azure, they will also be automatically logged into the Connecteam Dashboard.