Configure Microsoft 365 Single Sign-On in the Back-Office
Microsoft 365 Single Sign-On is available since OroCRM Enterprise v4.2.7 as part of the Oro-Microsoft 365 Integration extension. To check which application version you are running, see the system information.
Oro application supports Microsoft 365 Single Sign-On. This means that for a user that has the same primary email in the Oro application and Microsoft accounts, it is possible to use only their Microsoft set of credentials to securely authenticate themselves in the ORO application without using the usual back-office login form.
To configure the Single Sign-On with Microsoft 365 in your OroCRM or OroCommerce application:
Navigate to System > Configuration > Integrations > Microsoft Settings in the main menu.
Make sure that the Azure Active Directory Application Settings are filled.
Define the following fields for Microsoft 365 Single Sign-on:
- Enable — Select the check box to enable the Single Sign-On setting.
- Domains — A comma-separated list of allowed domains. It limits the list of application domains for which single sign-on can be used. Leave the field empty to set No for such limitation.
- Redirect URI — READ-ONLY field, the value is auto-generated and should be added in Azure Application Redirect URIs configuration.
Log in with Microsoft 365
When a user opens the login page of the instance with the enabled single sign-on capability, they can see an additional Log in with Microsoft 365 button.
If the user is not logged into their Microsoft account, then clicking the button triggers opening a usual Microsoft login page.
As soon as the user logs into their Microsoft account, they need to accept the policy of using the application.
Now, a Microsoft-registered user can click the Log in with Microsoft 365 button to enter the Oro application.
Note that the email used for the Microsoft account and the primary email of the user in the Oro application must be the same.