Microsoft Azure AD SSO

To register SSO with Inspace and Microsoft Azure AD, you'll need to prepare the Microsoft Azure AD application and send credentials to the InSpace support team.

Register your app with Azure AD

To register SSO with InSpace, you'll need to register an app at Microsoft Azure AD

During the Registration, configure the following settings:

Supported account types	To allow users from external organizations (like other Azure AD directories) choose the appropriate multitenant option. Multitenant options include the following: Accounts in any organizational directory (Any Azure AD directory - Multitenant).
Redirect URI	https://login.inspace.chat/login/callback

Create a client secret

After setting up the Microsoft Azure AD application, please create a Client ID and Client Secret.

Once generated, make note of these values.

If you configure an expiring secret, make sure to record the expiration date; you will need to renew the key before that day to avoid a service interruption.

Add permissions

To have a functional SSO connection, you'll need to grant permissions to the Microsoft Azure AD application.

While configuring permissions, consider the following:

Delegated Permissions
Users > User.Read	So your app can sign in users and read the signed-in users' profiles.

Provide following information to the InSpace support team to register the SSO.

Information required	Description
Microsoft Azure AD Domain	Your Azure AD domain name. You can find this on your Azure AD directory's overview page in the Microsoft Azure portal.
Client ID	Unique identifier for your registered Azure AD application. Enter the saved value of the Application (client) ID for the app you just registered in Azure AD.
Client Secret	String used to gain access to your registered Azure AD application. Enter the saved value of the Client secret for the app you just registered in Azure AD.
Organizational domains	All domains which need to have access for SSO
Test User	A test user so InSpace can test the full sign-in flow.