Skip to content
Getting Started

Microsoft 365 SSO

Create a Microsoft Entra app registration to enable SSO authentication for the AI platform via OAuth, with optional access restriction and group synchronization.

Updated June 8, 20262 min read

SSO sign-in via OAuth

Objective

Procedure

  1. Navigate to the Microsoft Entra admin center > Entra ID > Overview

    1. Copy the tenant ID
  2. Navigate to Entra ID > App registrations

  3. Click + New registration

    1. Name: AI Platform: SSO

    2. Select Single tenant only: Your Company

    3. Redirect URI (Web):

      1. https://ia.yourdomain.com/auth/callback/microsoft
      2. https://ia.yourdomain.com/auth/m365/callback
      3. https://docs.yourdomain.com/auth/azure.callback
    4. Click Register

  4. Navigate to App registrations > Manage > Overview

    1. Copy the application (client) ID
  5. Navigate to App registrations > Manage > API permissions

    1. Click + Add a permission

      1. Microsoft Graph
      2. Delegated permissions
      3. User > User.ReadBasic.All
      4. User > GroupMember.Read.All (optional, for group synchronization)
    2. Click Grant admin consent

  6. Navigate to App registrations > Manage > Certificates & secrets

    1. Select the Client secrets tab

    2. Click + New client secret

    3. Description: SSO "current year" - "current month"

    4. Expires: 730 days

    5. Copy the secret value

  1. Send the following information to the technician:
    • Tenant ID
    • Application (client) ID
    • Secret value

Add the administrator

  1. Navigate to the Microsoft Entra admin center > Entra ID > App registrations

  2. Open the previously created application: AI Platform: SSO

  3. Navigate to Manage > Roles and administrators > Cloud Application Administrator

    1. + Add assignments
    2. Add hilotech@yourdomain.com as an administrator

Access restriction via security group (optional)

Objective

Procedure

  1. Once the app registration has been created, navigate to Enterprise applications
  2. Open the previously created application: AI Platform: SSO
  3. Navigate to Manage > Properties
  4. Set Assignment required? to Yes, then save
  5. Navigate to Manage > Users and groups
  6. Add the desired security group or users

Microsoft 365 group synchronization (optional)

Objective

Procedure

  1. Navigate to App registrations

  2. Open the previously created application: AI Platform: SSO

  3. Navigate to Manage > Token configuration

  4. Click + Add groups claim

    1. Select Groups assigned to the application

    2. Under Customize token properties by type:

      1. ID > sAMAccountName
      2. Access > sAMAccountName
      3. SAML > sAMAccountName
  5. Navigate to Enterprise applications

  6. Open the previously created application: AI Platform: SSO

  7. Navigate to Manage > Properties

  8. Set Assignment required? to Yes, then save

  9. Navigate to Manage > Users and groups

  10. Add the desired security group(s)

Need a hand?

Our team can walk through these steps with you in a meeting with screen sharing.

Contact Hilo Tech

Back to the collection : Getting Started