If you're creating a new account then you can sign up with Microsoft (click the button here). This will add your organization's Azure 'tenant ID' automatically. Note that it is only possible if your company's security policy allows you to add new applications (typically you need to be an AD Admin user)

By default Microsoft authentication is enabled. You should just select Microsoft and login if you have a business/work enabled Microsoft account on your e-mail address.

If only the Microsoft login option is enabled, you will be sent directly to Microsoft authentication. If your users can choose between Gluu / Google / Microsoft you will be presented with the options:

Go to manage accounts to change the settings:

Go to manage accounts to change the settings here you can select "Microsoft auth" .

Azure Ad tenant id or Microsoft Role 1/2 should not be touched for just enabling single sign on (SSO).

Tenant ID can be found in the Azure Portal (https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant) and is used for connecting with OneDrive and Sharepoint.

If you need to restrict roles you can require users to be a member of the two roles defined in the Gluu App in the Azure Portal. "Microsoft Role 1" means the role "Restricted Login" is required. "Microsoft Role 2" means the Restriced Login Secondary". If you check both, both roles needs to be added to the user in the Azure Portal. You can map a AD Role to this role.

You can find the settings in the Azure Portal under Enterprise Apps > Gluu > Users and Roles. Click "Add user/group" select a group or user in your Azure AD and then select the role "Restricted Login" or "Restricted Login Secondary" to add the users to the role.

Tags: Integrations, IT Support, Technical