Shapes Help Center

Setting up SSO in Shapes

Written by Shapes Support

Updated over 2 weeks ago

How to connect:

Click on the 3 dots in the right hand corner, then click on Account settings:

2. Click into the Security tab and select SSO:

(Make sure to mark the checkbox by Google SSO or Microsoft SSO)

Overview

Shapes uses OpenID Connect (OIDC) for authentication. We only request the minimum set of standard scopes required to identify a user:

Name
Email address

We do not request access to any sensitive or extended data such as:

Emails or mailboxes
Calendars
Files or drives
Directory data beyond basic profile

Required Scopes by Provider

Microsoft Entra ID (Azure AD)

Scopes required:

openid
profile

Details:

Authentication is handled via OAuth 2.0 Authorization Code flow
Endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Users may be prompted to select their account (prompt=select_account)
Shapes reads only:
- User’s name
- User Principal Name (UPN / email)

Important:

No Microsoft Graph permissions are requested
No admin consent is required for additional data access

Google Workspace

Scopes required:

openid
profile
email

Details:

Uses OAuth 2.0 Authorization Code flow
Shapes verifies the id_token and reads:
- Email address
- First name (given_name)
- Last name (family_name)