How to Set Up Microsoft SSO

This guide shows you how to enable Sign in with Microsoft for users of your AlloyScan site. Microsoft is a built-in provider that must first be allowed at the instance level by a Global Administrator. After that, a Site Administrator can turn it on for the current site.

Prerequisites

• You have the Administrator role on the AlloyScan site.
• A Global Administrator has already allowed Microsoft SSO for the instance.
• Users who will sign in with Microsoft already have Active user records on the site (their Email in IAM > Users matches the Microsoft account email).

Steps

1. Open the site SSO providers page

1. Navigate to Admin Center > Site Settings > IAM > SSO providers.
2. Make sure the Microsoft row is visible.

2. Enable Microsoft for the site

1. Turn the Microsoft toggle to ON.
2. Click Save.

Verify

1. Open a private or incognito browser window and navigate to your AlloyScan site sign-in page.
2. Confirm that a Sign in with Microsoft button is now displayed below the email and password fields.
3. Click the button and complete the Microsoft sign-in. If your tenant enforces MFA, MFA happens here.
4. After redirect back to AlloyScan, you should land on the site Dashboard.
5. Open Admin Center > Site Settings > Logs > Security log. The successful sign-in is recorded as a login event.

Note: If the user's email does not match an Active record in IAM > Users, the sign-in fails after the Microsoft step. Add or activate the user in IAM > Users and retry.

Common pitfalls

• Microsoft row not visible. Microsoft SSO has not been allowed for the instance. Ask a Global Administrator to allow Microsoft SSO in Admin Center > App management > IAM > SSO providers.
• Toggle is off. Microsoft is allowed on the instance, but not yet enabled for the site.
• Inactive account. The Microsoft account email must match an Active AlloyScan user record.

Related

• How to Set Up Google SSO
• Authentication Reference
• About Authentication
• Troubleshooting Users and Sign-in