Single Sign-On (SSO) with Microsoft

Here's how you can use your organization's Microsoft account to log into decube directly.

Users now have the option to use Single Sign-On (SSO) for Microsoft Entra (formerly Azure Active Directory), enhancing the security and efficiency of user logins.

Without SSO-enabled, users log into the Decube app using their registered email and password. However, when SSO is linked and enabled for the organization, users must log in using Microsoft using their organization's Microsoft/Azure account to access Decube's application.

Linking and Enabling SSO for your organization

You may enforce SSO in your organization by navigating to the My Account > Org Settings page.

You will need to be an Owner or have permission to access the Org Settings in the Group-based Access Controls.

You will need to click on Enable Sudo mode to make changes on this page. You will receive a verification step to confirm the One Time Passcode (OTP) which is sent to your email before you can proceed to the next step.

You will need to check your email and enter the OTP sent to your registered email, such as the example below.

Upon entering the OTP correctly on the verification modal, you will then be able to turn on the toggle under the "Single Sign-On" option.

Upon toggling this on, you may be redirected to a page to sign in to your Microsoft account. Once you have successfully signed in, you will be redirected back to Decube's Org settings page with the toggle switched on.

As the first user in the organization to enable SSO, you will need the administrative privilege on Microsoft to grant consent to applications.

Once SSO has been enabled, all users in your organization will then receive an email as below, indicating that Microsoft SSO has been enforced on their org, and their initially registered Decube password credentials will be invalid.

Unlink Single Sign-On (SSO) for your organization follows a very similar flow to Linking SSO, simply navigate to My Account > Org Settings.

You must first "Enable Sudo Mode" and go through the verification process. After that, you simply have to click on the toggle under the SSO option to disable it.

Once SSO has been successfully disabled, the users under your organization will also receive an email notification that SSO has been disabled on your organisation which example is shown below.

Due to the previous enforcement of SSO, users must now set a new password for their Decube account before they can log in. They can do so by clicking on the Set a new password for my account option on their registered email, or go to the sign in page and click on Forget password.

Note for Admins: Admin consent workflow gives admins a secure way to grant access to applications that require admin approval. For more information, see Configure Admin Consent Workflow.

To grant tenant-wide admin consent to an application in Microsoft Entra ID and understand how to configure individual user consent settings, see Grant tenant-wide admin consent to an application. To assign users and groups to an enterprise application in Microsoft Entra ID, learn more here.

Last updated