
Set up SSO (Azure)

Who can do this: Anyone with editing permissions for Structure and Login/Signup SSO.

Below are the steps for your IT administrator to configure Azure AD/Entra ID, to facilitate:

- Single sign-on via SAML 2, so users can log into the app with their company email
- User synchronization, via Microsoft Graph API, so Refresh accounts are automatically disabled when employees are terminated

Before you begin

- Start a notes file or another document to paste information to share with us.
- If you have any questions, don't hesitate to contact the Refresh team.

Register your app

1. Go to https://portal.azure.com/
2. Click Microsoft Entra ID.
3. In the left column, click App registrations.
4. At the top, select New registration.
5. In the Name field, enter Refresh.
6. Select the following: Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g., Skype, Xbox)
7. Click Register.

Obtain key info

1. Under Essentials, copy the following IDs into your notes:
   - Application (client) ID
   - Directory (tenant) ID
2. At the top, select Endpoints.
3. Copy the following into your notes:
   - SAML-P sign-on endpoint
   - SAML-P sign-out endpoint
4. Close the Endpoints panel.

Configure web platform

1. In the left column, select Authentication.
2. Under Platform configurations, click Add a platform.
3. Select Web.
4. In Redirect URIs, enter https://[organizationname].app.refreshplatform.com/saml
5. For Front-channel logout, enter https://[organizationname].app.refreshplatform.com/logout
6. Click Configure. You'll now have a Web configuration under Platform configurations.
7. Use Add URI in the Web box to add two more redirect URIs. These allow for sandbox testing:
   - https://[organizationname].app.staging.refreshplatform.com/saml

Enable access tokens

1. Under Implicit grant and hybrid flows, select Access tokens (used for implicit flows).
2. At the bottom, click Save.

Upload certificate

You should have received the certificate from us via email, which you can save to your computer.

1. In the left column, select Certificates & secrets.
2. Select the Certificates tab, if not already selected.
3. Click Upload certificate.
4. Select the certificate from your files.
5. Click Add.

Create new client secret

1. Click New client secret.
2. In the Description field, enter Refresh Platform.
3. In the Expires dropdown, select 730 days (24 months).
4. Copy the following into your notes:
   - Client secret value (from the newly created secret)

Configure token info

1. In the left column, click Token configuration.
2. Click Add optional claim.
3. For Token type, choose ID.
4. Select the following claims:
   - acct
   - email
   - family_name
   - given_name
   - preferred_username
5. Click Add.

Add groups claim

1. Click Add groups claim.
2. Select the following:
   - Security groups
   - Directory roles
   - All groups (includes distribution lists but not groups assigned to the application)
   - Groups assigned to the application
3. Click Add.

Add permissions

1. In the left column, select API permissions.
2. Click Add permission.
3. Select Microsoft Graph, and then Application permissions.
4. Select these permissions in the following categories:
   - User: User.Read.All
5. Click Add permissions.

Share notes

Once you've completed the steps above, please email your notes file to onboarding admin@refreshplatform.com
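To confirm that a finished registration still matches the steps above, the following added example (not part of Refresh's guide or tooling) audits an app registration exported as a Microsoft Graph `application` object. The organization name `acme`, the sample JSON, and the 60-day expiry warning are assumptions made for illustration; the redirect hosts follow the URIs listed in this guide.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like a Microsoft Graph `application` object;
# "acme" and every value below are placeholders, not real tenant data.
SAMPLE = json.loads("""{
  "web": {
    "redirectUris": ["https://acme.app.refreshplatform.com/saml",
                     "https://acme.app.staging.refreshplatform.com/saml",
                     "http://localhost:8080/saml"],
    "logoutUrl": "https://acme.app.refreshplatform.com/logout",
    "implicitGrantSettings": {"enableAccessTokenIssuance": true}},
  "optionalClaims": {"idToken": [{"name": "acct"}, {"name": "email"},
                                 {"name": "family_name"}, {"name": "given_name"}]},
  "passwordCredentials": [{"displayName": "Refresh Platform",
                           "endDateTime": "2026-03-01T00:00:00Z"}]
}""")

# ID token claims selected in "Configure token info".
CLAIMS = {"acct", "email", "family_name", "given_name", "preferred_username"}

def audit(app, org, now, warn_days=60):
    """Return findings where `app` drifts from the guide's configuration."""
    prod = f"https://{org}.app.refreshplatform.com"
    staging = f"https://{org}.app.staging.refreshplatform.com"
    allowed = {f"{prod}/saml", f"{staging}/saml"}  # only URIs the guide lists
    web = app.get("web") or {}
    findings = [f"unexpected redirect URI: {u}"
                for u in web.get("redirectUris", []) if u not in allowed]
    if web.get("logoutUrl") != f"{prod}/logout":
        findings.append("front-channel logout URL does not match the guide")
    if not (web.get("implicitGrantSettings") or {}).get("enableAccessTokenIssuance"):
        findings.append("access tokens for implicit flows are not enabled")
    have = {c["name"] for c in (app.get("optionalClaims") or {}).get("idToken") or []}
    findings += [f"missing ID token claim: {n}" for n in sorted(CLAIMS - have)]
    for cred in app.get("passwordCredentials", []):
        # Graph timestamps are UTC; drop fractional seconds and the trailing Z.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        left = (end.replace(tzinfo=timezone.utc) - now).days
        if left < warn_days:
            name = cred.get("displayName")
            findings.append(f"client secret '{name}' expires in {left} days")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "acme", datetime(2026, 2, 1, tzinfo=timezone.utc)):
        print(finding)
```

An empty result means the exported registration contains only the redirect URIs, logout URL, token settings and claims named in the steps above, and no client secret is close to expiry.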