
How to Set Up Microsoft Single Sign-On (SSO) for Your Firm

Microsoft Single Sign-On (SSO) lets your firm securely access Realaml using existing Microsoft work accounts. Once configured, users can sign in without creating or managing a separate Realaml password.

Written by Jordan
Updated this week

This guide walks through how an admin sets up Microsoft SSO and what users can expect when logging in.

Before you start

You will need:

  • Admin access to your Realaml account

  • Admin access to your Microsoft Entra (Azure AD) tenant

Step 1: Open SSO settings in Realaml

1 - Log in to Realaml as an admin

2 - Go to Settings and open the SSO tab

3 - Enable Single Sign-On (SSO)

4 - Select Microsoft as the provider

5 - Copy the Redirect URI shown. You will need this shortly.

Step 2: Create a Microsoft App Registration

1 - From the SSO tab in Realaml, select the Azure Portal link

2 - If prompted, sign in and confirm you are in Microsoft Entra

3 - Go to App registrations and select New registration

4 - Name the application, for example Realaml SSO

5 - When configuring Who can use this application, select Single tenant. This is the default option and must remain selected. Under Redirect URI, select Web and paste the Redirect URI from Realaml.

6 - Register

Step 3: Add Microsoft details to Realaml

From the App Registration overview page:

1 - Copy the Application (client) ID and paste it into the Client ID field in Realaml

2 - Copy the Directory (tenant) ID and paste it into the Tenant ID field in Realaml

Step 4: Create a client secret

1 - In Microsoft Entra, open Certificates & secrets

2 - Select New client secret

3 - Add a description, for example Realaml SSO Client Secret

4 - Create the secret

5 - Copy the Client secret value immediately

6 - Paste it into the Client Secret field in Realaml

Step 5: Configure API permissions

1 - Open API permissions and select Add a permission

2 - Choose Microsoft Graph

3 - Select Delegated permissions

4 - Enable the following permissions:

  • email

  • openid

  • profile

  • User.Read

5 - Add permissions

Step 6: Configure token claims

1 - Open Token configuration

2 - Select Add optional claim

3 - Choose ID as the token type

4 - Enable the following claims:

  • email

  • preferred_username

  • upn

5 - Add

Step 7: Save and enable SSO

1 - Return to the SSO tab in Realaml

2 - Confirm all three fields are filled:

  • Client ID

  • Client Secret

  • Tenant ID

3 - Select Save configuration
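
To confirm the Entra side of Steps 2, 5 and 6 matches this guide, the check below audits an exported app registration. It is an added example, not Realaml or Microsoft code. It assumes the application object in the shape Microsoft Graph returns it (for example from `az ad app show`); the sample data and redirect URI are constructed placeholders.

```python
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
# Microsoft Graph delegated permission IDs for the four scopes in Step 5.
REQUIRED_SCOPES = {
    "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0": "email",
    "37f7f235-527c-4136-accd-4a02d197296e": "openid",
    "14dad69e-099b-42c9-810b-d002981feec1": "profile",
    "e1fe6dd8-ba31-4d61-89e7-88639da4683d": "User.Read",
}
REQUIRED_CLAIMS = {"email", "preferred_username", "upn"}  # Step 6


def audit_registration(app: dict, redirect_uri: str) -> list:
    """Return deviations from the guide; an empty list means it matches."""
    findings = []
    # Step 2: "Single tenant" is stored as signInAudience "AzureADMyOrg".
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append(f"signInAudience is {app.get('signInAudience')!r}, not single tenant")
    if redirect_uri not in ((app.get("web") or {}).get("redirectUris") or []):
        findings.append("Redirect URI is not registered under the Web platform")
    # Step 5: delegated permissions have type "Scope" under the Graph resource.
    granted = {
        access.get("id")
        for resource in app.get("requiredResourceAccess") or []
        if resource.get("resourceAppId") == GRAPH_APP_ID
        for access in resource.get("resourceAccess") or []
        if access.get("type") == "Scope"
    }
    findings += [f"missing delegated permission: {name}"
                 for scope_id, name in REQUIRED_SCOPES.items() if scope_id not in granted]
    # Step 6: optional claims configured for the ID token.
    id_claims = {c.get("name") for c in (app.get("optionalClaims") or {}).get("idToken") or []}
    findings += [f"missing ID token optional claim: {c}" for c in sorted(REQUIRED_CLAIMS - id_claims)]
    return findings


# Constructed sample: multi-tenant audience, no User.Read, no upn claim.
SAMPLE_URI = "https://app.example.test/sso/callback"  # placeholder, not a real Realaml URI
SAMPLE = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": [SAMPLE_URI]},
    "requiredResourceAccess": [{
        "resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [{"id": i, "type": "Scope"} for i in list(REQUIRED_SCOPES)[:3]],
    }],
    "optionalClaims": {"idToken": [{"name": "email"}, {"name": "preferred_username"}]},
}

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE, SAMPLE_URI):
        print("FINDING:", finding)
```

An empty result means the registration is single tenant, has the Redirect URI under Web, and carries the permissions and claims listed in Steps 5 and 6.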


Logging in with Microsoft

Once SSO is enabled:

1 - Log out of Realaml

2 - Enter your work email address on the login screen

3 - Click Next

4 - Choose your Microsoft account

5 - Review and accept the permissions request

You will then be signed in and redirected to the Realaml dashboard.

How Microsoft SSO works for your team

Once enabled, Microsoft Single Sign-On (SSO) applies to all users in your firm who log in with a Microsoft work account associated with your tenant.

Users no longer need a separate Realaml password.

Access to Realaml is controlled by your Microsoft Entra tenant, including any conditional access or security policies you have in place.

Do you support SAML?

Realaml does not currently support SAML-based Single Sign-On.

We support OpenID Connect (OIDC) for Microsoft Entra SSO, which is a modern, secure identity standard built on OAuth 2.0 and supported natively by Microsoft.

For most firms using Microsoft Entra, OIDC is the recommended and preferred approach.

If you need help or run into any issues, contact Realaml support via Intercom or email support@realaml.com.
