Automatic setup of Single Sign-On (SSO)

Quick reference:
Settings -> Single sign-on

Table of Contents


In Workspace 365 you have the possibility to configure Single Sign-On. You can choose to configure the following methods:

  • None
  • Web Services Federation
  • oAuth2 (recommended)


Want to know more about Single Sign-On? Click here


You can setup Single Sign-On during first initial registration and configuration or in the settings page of Workspace. 

SSO during registering a Workspace



Only grant permission for the applications being used. Example: if you do not use Power BI, do not grant permission for Power BI as it will result in an error.

When clicking on OK, the window below should appear. 


Back to top

SSO configuration in the Workspace


To setup Single Sign-On automatically, choose the "Automatic setup". Workspace 365 will create an Azure AD application with the permissions you will grant. By default, SharePoint and Exchange are checked. Additionally, you can choose to add Power BI permissions to the application.
The only thing these checks do is to simplify the setup of Workspace 365. You can always configure these options afterwards.

Make sure when you want to save the application or continue from the registration page, your Office 365/Azure AD password is filled in and that you check "I give Workspace 365 permissions to create an Azure AD application to provide Single Sign-On."

When you are done with this configuration, click "Done". After you click done, you will be redirected and signed out. After you are redirected, you will get a consent of all previously set permissions. You have to accept these permissions. When the request for a Single sign-on token is sent to the Azure AD, the Workspace 365 page will ask you to wait for 1 minute.


But, if you receive an error at this stage, please check if there is only one Microsoft Office 365 account signed in, in the browser session. If you use multiple accounts, Google Chrome offers a nice option to quickly switch between user accounts. Click on the user icon (on the right of the URL bar in Chrome).
There, you can add people by clicking ‘manage people’ or switch between users by clicking on the user.



You need to consent on behalf of your organization, because otherwise these permissions are only granted for admins in your tenant.


Be aware that these permissions are only granted for administrator in this tenant. You have to grant it for all users. If you do not "Grant Permissions" you will receive the following error while trying to log in to the workspace as a user: "Need admin approval"

Grant admin consent manually

If you want to update/change/apply the consent in Azure AD, you can apply it to the App registration. You need to navigate to Azure AD -> App registrations -> All applications -> Workspace SSO application -> View API Permissions and scroll down to the "Grant consent" section. Apply "Grant admin consent for {{Tenant name}}". Here, you can give permissions for e.g. Exchange or Power BI if was not included during the automatic setup for SSO by clicking on "Add a permission".

Back to top