With deskbird, you can easily integrate Single Sign-On (SSO) using Microsoft Entra ID (formerly Azure AD). This ensures secure authentication and convenient access across your organization.
1. Setup SSO with Entra ID
To activate SSO, an IT administrator must install the Microsoft Entra ID Enterprise Application and grant the required permissions.
👉 Click here to install and grant access:
https://login.microsoftonline.com/common/adminConsent?client_id=60e10e49-86e8-4755-ac34-2804c82237c6&redirect_uri=https://www.deskbird.com/single-sign-on-via-azure-ad
The required permissions are:
- User.ReadBasic.All: Allows users to sign in to deskbird and allows deskbird to read the profiles of signed-in users. Note: deskbird has no access to the profile data of users who have never signed in.
- Group.Read.All: Allows deskbird to read all user groups. This is used, for instance, to import user groups in the admin portal or to sync groups when users sign in.
There are additional standard permissions that are automatically added and don't require admin consent.
- offline_access: Allows deskbird to use refresh tokens to retrieve data via the Microsoft Graph API.
- email, openid, and profile: Automatically added permissions that grant deskbird similar permissions as user.read but with less profile information.
The permission type is delegated, meaning that deskbird accesses the Graph API as the signed-in user but with access limited by the selected permission.
2. Restrict permissions via Application Assignment
You can restrict which users or groups are allowed to access deskbird using SSO.
- In the Entra admin center, open the deskbird Enterprise App.
- Under Properties, set Assignment required to “Yes”.
- Add specific users or groups under Users and groups.
⚠️ This restricts sign-in access, but does not provision users. For automated provisioning, a separate SCIM configuration is required.