Integrate single sign-on with Entra ID (formerly Azure AD)

Before you integrate single sign-on with Entra ID, ensure that:

• You enable single sign-on for your firm.

• Staff members in Entra ID are integrated through Microsoft Office 365. Once you integrate single sign-on, staff members will use their Office 365 email address to log in to Cloud. Users with guest accounts in your directory will also be able to use SSO.

  Note: Entra usernames are not email addresses and cannot be used to log in to Cloud.

• Staff members with existing Cloud accounts have updated their Cloud account to use their Office 365 email address. If a staff member uses a different email address for their Cloud account, a duplicate user account will be created for them once you integrate SSO.

We recommend that single sign-on integration is performed by an administrator who is familiar with single sign-on setup in Entra ID.

The integration process is summarized in the following figure.

To learn more, see:

1. Register a new app for single sign-on

2. Generate a client secret

3. Copy the metadata endpoint

4. Configure optional claims

5. Generate the Reply URL

6. Assign authorized staff to use single sign-on

7. Assign API permissions

8. Test your single sign-on integration