SSO with Azure AD

In this article we cover the most common challenges when setting up the Active Directory for single sign-on (SSO) with Openli.

Azure AD settings are too strict

Openli is a verified publisher, which means that your Azure AD administrator should only need to ensure that the setting "Allow user consent for apps from verified publishers" is enabled, to allow all users in your organisation to log in with Azure AD on Openli when you invite them.
Our app only requires these permissions to be granted by users:
  • "View users' basic profile" (AKA profile)
  • "Maintain access to data you have given it access to" (AKA offline_access)