Azure AD Single Tenant SSO

Internal can leverage your single-tenant Azure AD instance to provide SSO for your Internal Spaces and Data Sources.

In Azure Portal:

  1. Log into the tenant you'd like to use with Internal
  2. Find your tenant ID
  3. Create a Service Application for your tenant
  4. From that Service Application, gather both of the appID values for login

In Internal:

  1. Click on "Company Settings" in the lefthand navigation panel
  2. Select the "Security" tab from the resulting view
  3. Click the table row labeled "Single Sign On"
  1. Select "Azure AD Single Tenant" from the dropdown at the top of the resultant pop-out
  1. Note that the callback URI is pre-populated with the correct URL for Internal's SSO redirect
  1. Enter the Tenant ID and appIDs collected from Azure Portal in the fields with their respective labels
  1. Test your configuration! You'll be prompted to log into your Azure AD instance. A successful login will redirect to Internal.
  1. Select the checkbox at the bottom of the pop-out to set SSO through Azure AD as a requirement for your entire Internal instance
  1. Click "Save" and take the new SSO for a test drive by signing out, clearing your browser cookies and cache, and signing back in.