Microsoft Entra ID SSO Setup


Authentication to the Guider platform is handled by Auth0. We can configure which login and registration methods are available to users in your organization when they access the Guider platform.

In addition to registering with an email address and password, we can also support Google Workspace, Microsoft Entra ID (formerly Azure Active Directory), ADFS, LDAP, PingFederate, or any arbitrary OIDC or SAML provider. This list is not exhaustive, as we will support any enterprise connection rolled out by Auth0 in the future too.

Note:

For convenience, Microsoft Entra ID is hereafter abbreviated to Entra ID.

Technical Notes

Identity API

Auth0's integration with Entra ID can be configured to use either the Microsoft Identity Platform (v2) or the legacy v1 Identity API with either OIDC or WS Federation protocols. If no preference is given, we will default to using the Microsoft Identity Platform (v2).

Integrations

We currently support integrations with:

  • Outlook Calendar — used for scheduling events within the platform

  • Microsoft Teams — used for creating online meeting events

Permission scopes for those integrations are listed below. They are optional and depend on your organization setup.


Supported Permissions

All permissions are for the Microsoft Graph API.

SSO Permissions (Required):

  Permission                                           Claim Value     Type       Required?
  ---------------------------------------------------  --------------  ---------  ---------
  Maintain access to data you have given it access to  offline_access  Delegated  Yes
  Sign in and read user profile                        User.Read       Delegated  Yes
  Sign users in                                        openid          Delegated  Yes
  View users' email address                            email           Delegated  Yes
  View users' basic profile                            profile         Delegated  Yes

Calendar & Teams Permissions (Optional):

  Permission                              Claim Value               Type       Integration       Required?
  --------------------------------------  ------------------------  ---------  ----------------  ---------
  Read user calendars                     Calendars.Read            Delegated  Outlook Calendar  No
  Read and create user's online meetings  OnlineMeetings.ReadWrite  Delegated  Microsoft Teams   No


Setup Instructions

The following steps should be carried out by an individual with appropriate permissions to manage applications installed on your Entra ID tenant:

Part 1 — Create a new app registration

  1. Navigate to the Microsoft Entra admin center and select the tenant you wish to allow users to log in to the Guider platform with.

  2. In the App Registrations pane, select + New Registration. Give the application a friendly name (e.g. "Guider"). We recommend Supported Account types remain set to Accounts in this organizational directory only.

  3. Under Redirect URIs, select Web from the dropdown and add the following value:

    https://auth.guider.app/login/callback

    This is the Auth0 Universal Login callback URL. It must be entered exactly as shown. This is not your application's URL — it is the endpoint Auth0 uses to complete the authentication handshake.

  4. Click Register.

  5. Generate a Client Secret from the Certificates & secrets pane. Save this value.

  6. In the API Permissions pane, add the required permissions for Microsoft Graph.

    For SSO only:

      • User.Read (Delegated)

        The openid, email, profile, and offline_access scopes are included automatically by Auth0.
        You only need to explicitly add User.Read in the Azure portal.

    For Outlook Calendar integration, also add:

      • Calendars.Read (Delegated)

    For Microsoft Teams integration, also add:

      • OnlineMeetings.ReadWrite (Delegated)

  7. Click Grant admin consent for [your organization] and follow the steps.
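As an added example that is not part of the original page, the following Python script audits an exported app registration (the object returned by Microsoft Graph GET /applications/{id}, or the portal manifest) against the settings in Part 1: the exact Auth0 callback URI, the single-tenant sign-in audience, delegated Graph scopes limited to the allow-list above, and client secret expiry. The permission ids and the app object in the sample are constructed placeholders; in real use, map ids to names from the Microsoft Graph service principal's oauth2PermissionScopes.

```python
from datetime import datetime, timedelta, timezone

CALLBACK = "https://auth.guider.app/login/callback"
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource id
# Delegated scopes this page allows; anything else is over-privileged.
ALLOWED_SCOPES = {"User.Read", "openid", "email", "profile", "offline_access",
                  "Calendars.Read", "OnlineMeetings.ReadWrite"}

def audit_app(app, scope_names, now, warn_days=30):
    """Return findings for a Microsoft Graph /applications object.
    scope_names maps Graph permission ids to names (in real use, taken from the
    Graph service principal's oauth2PermissionScopes)."""
    findings = []
    uris = app.get("web", {}).get("redirectUris", [])
    if CALLBACK not in uris:  # a trailing slash or http:// breaks the Auth0 handshake
        findings.append("missing exact redirect URI " + CALLBACK)
    findings += ["unexpected redirect URI " + u for u in uris if u != CALLBACK]
    if app.get("signInAudience") != "AzureADMyOrg":  # 'this organizational directory only'
        findings.append("signInAudience allows accounts outside this tenant")
    for res in app.get("requiredResourceAccess", []):
        if res["resourceAppId"] != GRAPH_APP_ID:
            findings.append("permissions requested on non-Graph resource " + res["resourceAppId"])
            continue
        for access in res["resourceAccess"]:
            name = scope_names.get(access["id"], access["id"])
            if access["type"] != "Scope":  # 'Role' = application permission, never needed here
                findings.append("application permission granted: " + name)
            elif name not in ALLOWED_SCOPES:
                findings.append("scope outside allow-list: " + name)
    for cred in app.get("passwordCredentials", []):  # client secrets
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        if end - now < timedelta(days=warn_days):
            findings.append(f"client secret {cred.get('displayName')} expires {end.date()}")
    return findings

# Constructed sample: permission ids and the app object are illustrative, not real values.
SAMPLE_SCOPE_NAMES = {"00000000-0000-0000-0000-000000000001": "User.Read",
                      "00000000-0000-0000-0000-000000000002": "Calendars.Read",
                      "00000000-0000-0000-0000-000000000003": "Mail.ReadWrite"}
SAMPLE_APP = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": ["https://auth.guider.app/login/callback/"]},
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": "00000000-0000-0000-0000-00000000000%d" % i, "type": "Scope"} for i in (1, 2, 3)]}],
    "passwordCredentials": [{"displayName": "guider-sso", "endDateTime": "2025-01-15T00:00:00Z"}],
}
AUDIT_DATE = datetime(2025, 1, 1, tzinfo=timezone.utc)

def run_sample():
    return audit_app(SAMPLE_APP, SAMPLE_SCOPE_NAMES, AUDIT_DATE)
```

Running run_sample() on the constructed app reports five findings: the mis-typed callback (trailing slash), the multi-tenant audience, the Mail.ReadWrite scope outside the allow-list, and a secret expiring within 30 days.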

Part 2 — Send details to Guider

Please send the following information to your Customer Success Manager.

Required:

  • The Directory (tenant) ID where the app is registered

  • The primary domain name of the Entra ID tenant

  • The Application (client) ID

  • The Client Secret value

  • The Client Secret expiry date

Optional:

  • Preferred Identity API (v2 default, or v1 with OIDC/WS Federation)

  • Display name for this auth method (defaults to "Microsoft")

  • Custom logo for the login button

  • Additional domains for Home Realm Discovery

  • Whether to use the common endpoint

The common endpoint uses https://login.microsoftonline.com/common instead of the tenant-specific endpoint; it is typically enabled for multi-tenant applications.

What happens next

Once we have this information, we will:

  1. Create your organization in our Auth0 tenant

  2. Create a Microsoft Entra ID Enterprise Connection and assign it to your organization

  3. Add any additional authentication methods requested

  4. Perform basic testing

Note:

Please allow up to 2 weeks for setup; however, we will endeavour to have it ready within a few days. You will need to allocate time to test the complete login experience yourself.


Contact Us

If anything in this document is not clear, please contact your Customer Success Manager.