All Collections
Get Started(HK)
Single Sign On (SSO) - Microsoft Azure AD
Single Sign On (SSO) - Microsoft Azure AD

Configure your account to allow employees to log in via SSO.

Karl avatar
Written by Karl
Updated over a week ago

Understanding SSO

“Single sign-on means a user doesn't have to sign in to every application they use. The user logs in once and that credential is used for other apps too.” (Microsoft)

Workstem’s SSO integration is built on the OAuth 2.0 framework and we currently support SSO using Microsoft Azure AD as well as Okta.

How to Integrate Workstem with Microsoft Azure AD

1. Create a new Enterprise Application inside Azure AD for Workstem

2. Go to Workstem > Integrations > and choose Microsoft Azure

3. Set Up the 6 Fields

1. Route

Your route will start with https://login.microsoftonline.com/ and end with your Azure AD tenant ID. You can find tenant ID on the homepage of your Azure AD module.

2. Authorisation Path

The authorisation path is fixed: “/oauth2/v2.0/authorize”

3. Token Path

The token path is also fixed: “/oauth2/v2.0/token”

4. User Info Path

The user info path is also fixed: “https://graph.microsoft.com/oidc/userinfo

5. Application ID

You can find your application ID on the overview page in your newly created enterprise application.

6. Secret Key

For the secret key, you can go into “App Registrations” > your newly created application for Workstem. Under “Client Secrets”, create a new client secret and copy the value. You can then paste the secret key to Workstem.

⚠️ Tip: Be sure to save the client secret value somewhere after copying! You will only be able to copy this once from inside Azure AD.

4. Assign New Users

Under Enterprise Application, go into your application and click on “Users and groups”, you can add and assign users here.

5. Configure Workstem Tenant

Inside Workstem, go to “Company”, and create a SSO Code for your account (alphanumeric without spaces). You will use this code to log in via SSO.

After you’ve done the above 5 steps, your employees can then fill in the SSO Code when choosing SSO and use their Microsoft Azure AD accounts to log into the Workstem system.

Did this answer your question?