Single sign-on is available for Enterprise plans. To discuss switching to an Enterprise plan, please contact your account manager.

To set up single sign-on for Azure
  1. Request SSO access from

    Only account admins can request single sign-on access for their accounts.

    To kick off this process, send an email to Write that you want to set up Azure SAML SSO for Include these items in the message:

    The Support team will respond with the connection information you’ll need to give in Azure.

  2. Add to Azure

    Add a non-gallery application in Azure

    In the Azure Portal, browse to Azure Active Directory > Enterprise Applications > New application > Non-gallery application.

    In the right panel, set the Name to “” and click Add.

    Click Configure Single Sign-On, and choose SAML-based Sign-on.

  3. Paste the SAML information from Support

    Add a non-gallery application in Azure

    Fill in these details from the Support email message:

    • In Identifier (Entity ID), paste Audience URI from the email
    • In Reply URL (Assertion Consumer Service URL), paste Single sign on URL from the email
  4. Zip the SAML certificate

    In the SAML Signing Certificate section of the page, click the Certificate (Base64) download link (next to the certificate).

    Download the certificate file and zip it. You’ll attach this zip file to your next email to the Support team.

    Save your configuration.

  5. Get your endpoint information

    Browse to Azure Active Directory > App registrations > Endpoints.

    Copy the SAML-P SIGN-ON ENDPOINT, and paste this in the email that you’ll send to the Support team.

  6. Send your SAML details to

    Draft a new email to Support, and include these items:

    • Your zipped certificate (from step 4)
    • Your SAML-P SIGN-ON ENDPOINT (from step 5)
  7. Configure Azure to send user groups

    Return to the App registrations page. If you don’t see, click View all applications.

    Open the application, and then click Manifest. In the manifest JSON, set groupMembershipClaims to "All". Click Save (top of the page).

  8. (Optional) Restrict access to specific user groups

    Add group

    By default, all Azure users with access can sign in to your accounts.

    You can restrict this access from the Manage users page for each of your accounts. To do this, click Add group, and then paste your group’s Object ID from Azure. Do this for each group that should have access to this account.

  9. Receive confirmation from Support

    When Support has created your Azure + connection, you’re done! You can start logging in to through your Apps portal.