Configuring Single-Sign On with Microsoft Entra ID (formerly Active Directory)

If your organization uses Microsoft Entra ID (formerly Azure Active Directory) for identity management, you should configure Single-Sign On (SSO) with ActivityInfo and your Entra directory.

Read more about why Single Sign On is important for securing your organization’s data.

Step 1: Test a single account

Before starting this step, you must already have an account with ActivityInfo using an email address linked to your organization’s Entra directory.

Navigate to the following link:

https://www.activityinfo.org/login/connectSSO/microsoft

You should be redirected to the Microsoft Sign In page:

Enter your email and password, and click “Next”

You should receive a success message. From now on, you will log in through your Google Workspace account rather than entering an ActivityInfo-specific password.

Step 2: Setting up a domain policy

Once you have confirmed that users can login through their Google Workspace account, contact support@activityinfo.org to request a domain policy for your email domain. This require all new users with the email domain to login through their Entra ID account from the start.

Step 3: Migrating existing users to SSO

Setting a domain policy does not automatically migrate existing accounts from your organization to use SSO. Migrating existing users to a new means of logging in requires careful planning and communication. Many users are (rightly) suspicious of sudden changes to log in procedures, and may disregard email notifications from ActivityInfo as phishing emails.

Follow the steps in the Migrating existing users to SSO guide to proceed.

Troubleshooting: administrator approval

In some cases, your IT department may not allow third-party applications to authenticate through your Entra directory without prior approval.

In this case, contact your IT department to ask them to authorize the following application:

Display name ActivityInfo
Application (client) ID 367543a8-ef81-4791-a4cc-5ff6a91ec9d1
Object ID 5cc45d80-593b-4a26-900d-832874338bf6
Application ID URI api://367543a8-ef81-4791-a4cc-5ff6a91ec9d1

You can approve the application directly using this URL template:

https://login.microsoftonline.com/{tenantId}/adminconsent?client_id=367543a8-ef81-4791-a4cc-5ff6a91ec9d1

Replace {tenantId} with your organization’s domain name.

Next item
Configuring Single-Sign On with Google Workspace