Configure Microsoft 365 Single Sign-On in the Back-Office 

Note

The feature is available for the Enterprise edition only.

Oro application supports Microsoft 365 Single Sign-On. This means that for a user that has the same primary email in the Oro application and Microsoft accounts, it is possible to use only their Microsoft set of credentials to securely authenticate themselves in the ORO application without using the usual back-office login form.

To configure the Single Sign-On with Microsoft 365 in your Oro application:

  1. Navigate to System > Configuration > Integrations > Microsoft Settings in the main menu.

    Microsoft 365 Single Sign-On Settings

  2. Make sure that the Azure Active Directory Application Settings are filled.

  3. Define the following fields for Microsoft 365 Single Sign-on:

    • Enable — Select the checkbox to enable the Single Sign-On setting.

    • Domains — A comma-separated list of allowed domains. It limits the list of application domains for which single sign-on can be used. Leave the field empty to set No for such limitation.

    • Redirect URIREAD-ONLY field, the value is auto-generated and should be added in Azure Application Redirect URIs configuration.

Log in with Microsoft 365 

When a user opens the login page of the instance with the enabled single sign-on capability, they can see an additional Log in with Microsoft 365 button.

The login page with the button to log in with Microsoft 365

If the user is not logged into their Microsoft account, then clicking the button triggers opening a usual Microsoft login page.

The usual Microsoft 365 log-in page

As soon as the user logs into their Microsoft account, they need to accept the policy of using the application.

Microsoft account page

Now, a Microsoft-registered user can click the Log in with Microsoft 365 button to enter the Oro application.

Note

Note that the email used for the Microsoft account and the primary email of the user in the Oro application must be the same.

Related Topics