Skip to main content

Microsoft Single Sign-On (SSO) Setup

Lydia Booth
Updated

Microsoft Single Sign-On (SSO) Setup

Enable secure access to Flexpoint using your organization's Microsoft account

Flexpoint supports Microsoft Single Sign-On (SSO), allowing employees to sign in using their existing Microsoft account. This simplifies access while maintaining your organization's security policies such as MFA and Conditional Access.

How Microsoft SSO Works 🔐

Overview

  • Users sign in with their Microsoft work account
  • No separate Flexpoint password required
  • Microsoft handles authentication and security enforcement
  • Existing policies like MFA and Conditional Access still apply

Benefits

  • Stronger security — leverage Microsoft authentication and policies
  • Simplified login — no additional credentials to manage
  • Centralized access control — manage users in one place
Before you begin:
  • A Microsoft administrator will usually need to complete this setup.
  • If your organization already enforces MFA or Conditional Access in Microsoft, those policies will continue to apply when users sign in to Flexpoint.
  • If Flexpoint is already available in your Microsoft Entra environment, some setup steps may be skipped.

Required Information

  • Flexpoint Sign-In URL — The page your users will use to sign in
  • FlexPoint SSO Application ID: — d256eea6-69d1-4144-9ae7-df98be3b45bd

Step-by-Step Setup 🛠️

  • Go to the Flexpoint Sign-In URL and select Sign in with Microsoft
  • Or, in the Microsoft Entra admin center, go to Identity → Applications → Enterprise Applications and search for Flexpoint

    • If Flexpoint is already present and users can sign in successfully, you can move to Step 3

  • For a multitenant application like Flexpoint, your Microsoft administrator should use the FlexPoint SSO Application ID provided by Flexpoint to add the Flexpoint enterprise application to your tenant.

  • Share the the FlexPoint SSO Application ID to your Microsoft administrator
  • Ask them to create the Flexpoint Enterprise Application in your Microsoft Entra tenant using that client ID.
  • Once this is complete, Flexpoint will appear in your tenant as an Enterprise Application.

  • Important: Your team should generally not create a new custom app registration for Flexpoint in your tenant. Flexpoint should be added as an existing multitenant application.

    • This step is typically completed by an IT administrator using Microsoft's documented process for creating an enterprise application from a multitenant application.

After Flexpoint is added, your organization can decide how broadly access should be allowed.

Option A — Allow access broadly

If your organization wants users to sign in without individual assignment, your Microsoft administrator may not need to assign users one by one.

Option B — Restrict access to approved users or groups

If you want only specific users or groups to access Flexpoint, ask your Microsoft administrator to:

  1. Open the Microsoft Entra admin center.
  2. Go to Identity → Applications → Enterprise applications.
  3. Open Flexpoint.
  4. In Properties, set Assignment required? to Yes.
  5. Go to Users and groups.
  6. Select Add user/group.
  7. Choose the users or groups that should have access.
  8. Select Assign.

Tip: Assigning security groups is often easier than assigning users one at a time.

  • Open Flexpoint Sign-In URL.
  • Select Sign in with Microsoft.
  • Sign in with a Microsoft account from your organization.
  • Confirm that the user can access Flexpoint successfully.

    • If access is restricted to assigned users only, be sure to test with a user who has been assigned access.

Contact Flexpoint if:
  • You are unsure if setup already exists
  • You encounter Microsoft permission errors
  • Users can sign in but cannot access Flexpoint

Related articles

Comments

0 comments

Please sign in to leave a comment.