Skip to main content
All CollectionsIntegrationsAPI
Provisioning API example: Change SSO settings in Workspace 365
Provisioning API example: Change SSO settings in Workspace 365
Updated over 5 months ago

Table of Contents

Introduction

If you can't access the Workspace anymore, you can request emergency admin access to reconfigure SSO. However, there is a possibility that the emergency access email is not received.

As an alternative, you can use the SSO provisioning API to change the 'Authority', 'Client ID' and 'Key' in Workspace 365. These values must match exactly with the corresponding App Registration in Microsoft Entra ID (previously called Azure AD). Otherwise you won't be able to access the Workspace environment.

manual_SSO.png

Requirements

  • A Power Automate Premium license (Microsoft offers a free 90-day trial license).

  • The Workspace 365 instance URL (https://yourworkspace365instance.url).

  • The Provisioning Key (00000000-0000-0000-0000-000000000000).

  • A Global Administrator account (or any other admin account who can access the Workspace SSO App registration).

Step 1. Look up the 'Authority', 'Client ID' and 'Key' in Azure

  1. Go to Azure.

  2. Log in with the Global Administrator account.

  3. Search for and select Microsoft Entra ID.

  4. Go to the Azure Active Directory overview pane.

  5. Under 'Basic information', note down the Primary domain.

  6. Go to the App Registrations.

  7. Select the Workspace application from the list.

  8. Note down the Client ID from the App registration overview pane.

  9. Select Certificates & secrets.

  10. If you don't know what the Key is, you must create a new client secret and note down the key.

Back to top

Step 2. Create the Power Automate flow

  1. Log in to Microsoft 365 and click on the waffle button in the top left corner.

  2. Open the app Power Automate.
    ​

  3. Choose Create to create a new flow.

  4. Assign a flow name to your flow (e.g. "Workspace SSO API").

  5. Select Instant cloud flow.

  6. Select Manually trigger a flow.

  7. Click Create.
    ​

  8. Create a new step.

  9. Search for and select HTTP (premium).

  10. As the Method, choose PUT.

  11. Fill in the necessary information.

    • You can find an example for a HTTP PUT request to configure OAuth2 authentication (not available when hosted on-premises) here, but you need to adjust it according to your own values.

    • It should look something like this:
      ​

      workspace_SSO_power_automate.png

  12. Run the flow to test it.

  13. You should see it succeeded (see 'Run history'), otherwise double-check the settings that have been filled in the previous step.

  14. Try again to log into the Workspace 365 environment.

You have now changed the 'Authority', 'Client ID' and 'Key' in the Workspace SSO settings to what has been filled defined in the Power Automate HTTP PUT request. These values should match 100% with the corresponding Workspace SSO App Registration in Microsoft Entra ID. You should now be able to log in to the Workspace environment.

Back to top

Related Articles
Manual setup of SSO
Add SSO apps with Microsoft Entra ID, HelloID or SecureLogin
About domain or tenant migrations in Microsoft Entra ID or Workspace 365
Step 1. Edit and zip the manifest.json file
Reset SSO
Did this answer your question?