Shapes Help Center

Setting up SSO in Shapes

Written by Shapes Support

Updated over 2 weeks ago

Overview

Shapes uses OpenID Connect (OIDC) for authentication. We only request the minimum set of standard scopes required to identify a user:

Name
Email address

We do not request access to any sensitive or extended data such as:

Emails or mailboxes
Calendars
Files or drives
Directory data beyond basic profile

Required Scopes by Provider

Microsoft Entra ID (Azure AD)

Scopes required:

openid
profile

Details:

Authentication is handled via OAuth 2.0 Authorization Code flow
Endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Users may be prompted to select their account (prompt=select_account)
Shapes reads only:
- User’s name
- User Principal Name (UPN / email)

Important:

No Microsoft Graph permissions are requested
No admin consent is required for additional data access

Google Workspace

Scopes required:

openid
profile
email

Details:

Uses OAuth 2.0 Authorization Code flow
Shapes verifies the id_token and reads:
- Email address
- First name (given_name)
- Last name (family_name)

How to connect:

Click on the 3 dots in the right hand corner, then click on Account settings:

2. Click into the Security tab and select SSO:

(Make sure to mark the checkbox by Google SSO or Microsoft SSO)