Benefits of SSO with Microsoft Azure AD
Faster Logins: Access Kinnovis with your Microsoft credentials—no need to remember another password.
Central User Management: Control access through Azure AD—ideal for bigger.
Easy to Scale: Quickly onboard or remove colleagues as your team grows.
Strong Security: Reduce password risks and take advantage of Azure’s security features like MFA.
How to Set Up Single Sign-On with Azure AD
Step 1: Add and Configure the Azure AD Connected App
Before users can log in using SSO, you must add an integration for Azure AD.
Navigate to Integrations in the Kinnovis Manager.
Go to the Single Sign-On section.
Click on Edit.
Enter your Azure Tenant ID.
If you're unsure where to find it, click the link: Where can I find my Azure AD Tenant ID?
Click Activate SSO to enable the integration.
⚠️ The tenant ID is used to ensure only users from your organisation’s Azure AD can sign in. This prevents unauthorised access by users with duplicate email addresses.
Step 2: Test Logging In
Note: If you first time log in with Azure AD, you need to make sure you are and Admin of your organisation and install/accept the "Kinnovis Auth" application (application id = d6b8dace-1e60-4dc3-9182-8d26d29349de) in your Azure tenant.
Once you've set up the Azure AD integration and configured the connected app in Kinnovis, it's time to test that everything works as expected.
Go to the Kinnovis Manager login page.
Click the Log in with Azure AD button.
You’ll be redirected to Microsoft’s login screen—sign in with your Azure AD credentials.
If successful, you’ll be redirected back to the Kinnovis Manager dashboard.
✅ Only users with matching email addresses already set up in your Kinnovis Manager instance will be able to log in.
Error Handling and Troubleshooting
If login fails, you’ll see a clear error message explaining the issue. Refer to the troubleshooting table for help resolving any login problems.
Common Causes of SSO Failure
Azure app was not properly configured.
Tenant ID is incorrect or not registered in Kinnovis.
The user declined Microsoft permissions during the login process.
Attempted login with a super admin email is not allowed through SSO.
Reason | Message |
SSO login failed on Azure side | "Single Sign-On (SSO) login failed. Please try again or contact your Azure administrator." |
Invalid token from Azure | "Invalid SSO token. Please ensure you are using the correct account and try again." |
Incorrect application source | "Access denied. Your login request did not originate from the correct application." |
Tenant ID mismatch or app not configured | "Microsoft Azure Active Directory (Entra ID) not activated for given tenant." |
Email not found or not a valid user | "No matching user found. Please check your login details or contact support." |
Summary
SSO with Microsoft Azure AD allows your team to log in quickly and securely using their Microsoft accounts. With just a one-time setup involving your Azure Tenant ID, you can streamline access while protecting your data. For help to set this up, please refer to your system administrator or IT department or contact our Kinnovis support team.