Hi ,
Welcome to the Support Portal. How can we help?
Follow

Automatic setup of SSO

Quick reference:
Settings -> Single sign-on

Table of Contents


Introduction

In this article we will walk you through the automatic (recommended) setup of SSO. If you run into any issues, make sure to check out our troubleshooting article.


How to set up SSO automatically

Error during setup? You may have to turn off MFA for your Global Admin account. Please check the log files for more information. If you do not want to turn off MFA, you can follow the manual setup of SSO instructions.

To set up SSO automatically, go to:

  • Workspace admin settings.
  • Select Single sign-on.
  • We strongly recommend using oAuth2 as a SSO method.
  • Choose automatic setup.
  • Fill in the Office 365/Azure AD password.
  • Check the checkbox "I give Workspace 365 permission to create an Azure AD application to provide Single Sign-on".
  • Grant permissions to applications such as SharePoint or Exchange. You can always configure these API permissions afterwards in Azure.

    If you do not use Power BI, do not grant permission for Power BI. This will result in an error. Only grant permission for the applications that are being used.
    automatic.png

  • Click on Done. You will be redirected and signed out.
  • After you are redirected, you will get a consent of all previously set permissions. You have to accept these permissions. When the request for a SSO token is sent to the Azure AD, the Workspace 365 page will ask you to wait for 1 minute.

    If you receive an error at this stage, please check if there is only one signed in Microsoft Office 365 account in the browser session. Tip: if you use multiple accounts in Google Chrome you can easily switch between user profiles by clicking on the user icon on the top right side of the URL bar.
    Azure_AD_wait.PNG



  • You need to consent on behalf of your organization, because otherwise these permissions are only granted for admins in your tenant.

     

  • Be aware that these permissions are only granted for administrator in this tenant. You have to grant it for all users. If you do not Grant Permissions you will receive the following error while trying to log in to the workspace as a user: "Need admin approval".

Back to top