“Single sign-on means a user doesn't have to sign in to every application they use. The user logs in once and that credential is used for other apps too.” (Microsoft)

Workstem’s SSO integration is built on the OAuth 2.0 framework and we currently support SSO using Microsoft Azure AD as well as Okta.

1. Route

Your route will start with https://login.microsoftonline.com/ and end with your Azure AD tenant ID. You can find tenant ID on the homepage of your Azure AD module.

2. Authorisation Path

The authorisation path is fixed: “/oauth2/v2.0/authorize”

3. Token Path

The token path is also fixed: “/oauth2/v2.0/token”

4. User Info Path

The user info path is also fixed: “https://graph.microsoft.com/oidc/userinfo”

5. Application ID

You can find your application ID on the overview page in your newly created enterprise application.

6. Secret Key

For the secret key, you can go into “App Registrations” > your newly created application for Workstem. Under “Client Secrets”, create a new client secret and copy the value. You can then paste the secret key to Workstem.

⚠️ Tip: Be sure to save the client secret value somewhere after copying! You will only be able to copy this once from inside Azure AD.

Under Enterprise Application, go into your application and click on “Users and groups”, you can add and assign users here.

Inside Workstem, go to “Company”, and create a SSO Code for your account (alphanumeric without spaces). You will use this code to log in via SSO.

After you’ve done the above 5 steps, your employees can then fill in the SSO Code when choosing SSO and use their Microsoft Azure AD accounts to log into the Workstem system.