How to set up Azure Active Directory SSO

This feature is part of the Premium and Enterprise plans. See  our plans and pricing .

Use OpenID Connect in Slite to allow users to securely sign in with Azure Active Directory identities. It will also become the only way people can sign into Slite.

How to set it up?

Step one: Get a Tenant ID from Azure Active Directory

Open your  Azure Active Directory control panel . You should find your Tenant ID on the Overview tab:

https://slite.com/api/files/bvruryzHBDUxQK/image.png?apiToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IjIwMjMtMDUtMDQifQ.eyJzY29wZSI6Im5vdGUtZXhwb3J0IiwibmlkIjoiVXkzV0k5V09QRFZnMDQiLCJpYXQiOjE3MjkyNDEzMjMsImlzcyI6Imh0dHBzOi8vc2xpdGUuY29tIiwianRpIjoiTGhKMmR4dlM5NzYxSHgiLCJleHAiOjE3MzE4MzMzMjN9.tmbH1cVBMfTD5yCyHvOhbgthDDfXWcoMFCTCe8UkIuo

Step two: Get a Client ID from Azure Active Directory

    .1In your Active Directory, click "Add" and choose "App registration":

https://slite.com/api/files/04sVrWdfpnbeIq/image.png?apiToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IjIwMjMtMDUtMDQifQ.eyJzY29wZSI6Im5vdGUtZXhwb3J0IiwibmlkIjoiVXkzV0k5V09QRFZnMDQiLCJpYXQiOjE3MjkyNDEzMjMsImlzcyI6Imh0dHBzOi8vc2xpdGUuY29tIiwianRpIjoiTGhKMmR4dlM5NzYxSHgiLCJleHAiOjE3MzE4MzMzMjN9.tmbH1cVBMfTD5yCyHvOhbgthDDfXWcoMFCTCe8UkIuo
    .2Choose a name for this app, for example Slite.
    .3In "Select a Platform", select "Web".
    .4In the Redirect URI enter: https://slite.com/api/auth/openid/callback
    .5Click "Register".
You should now find your App under Applications > App registrations:

https://slite.com/api/files/W1JtSjBMviSIl7/image.png?apiToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IjIwMjMtMDUtMDQifQ.eyJzY29wZSI6Im5vdGUtZXhwb3J0IiwibmlkIjoiVXkzV0k5V09QRFZnMDQiLCJpYXQiOjE3MjkyNDEzMjMsImlzcyI6Imh0dHBzOi8vc2xpdGUuY29tIiwianRpIjoiTGhKMmR4dlM5NzYxSHgiLCJleHAiOjE3MzE4MzMzMjN9.tmbH1cVBMfTD5yCyHvOhbgthDDfXWcoMFCTCe8UkIuo
Click on your app registration to see your Client ID:

https://slite.com/api/files/apbz8rRSWhsSZN/image.png?apiToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IjIwMjMtMDUtMDQifQ.eyJzY29wZSI6Im5vdGUtZXhwb3J0IiwibmlkIjoiVXkzV0k5V09QRFZnMDQiLCJpYXQiOjE3MjkyNDEzMjMsImlzcyI6Imh0dHBzOi8vc2xpdGUuY29tIiwianRpIjoiTGhKMmR4dlM5NzYxSHgiLCJleHAiOjE3MzE4MzMzMjN9.tmbH1cVBMfTD5yCyHvOhbgthDDfXWcoMFCTCe8UkIuo

Step three: get a Client secret from Azure Active Directory

    .1In your new app registration, click "Certificates & secrets".
    .2Click "New client secret".

https://slite.com/api/files/pv3THWgRP7prF8/image.png?apiToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IjIwMjMtMDUtMDQifQ.eyJzY29wZSI6Im5vdGUtZXhwb3J0IiwibmlkIjoiVXkzV0k5V09QRFZnMDQiLCJpYXQiOjE3MjkyNDEzMjMsImlzcyI6Imh0dHBzOi8vc2xpdGUuY29tIiwianRpIjoiTGhKMmR4dlM5NzYxSHgiLCJleHAiOjE3MzE4MzMzMjN9.tmbH1cVBMfTD5yCyHvOhbgthDDfXWcoMFCTCe8UkIuo

https://slite.com/api/files/hqk88l-KJBrj5U/image.png?apiToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IjIwMjMtMDUtMDQifQ.eyJzY29wZSI6Im5vdGUtZXhwb3J0IiwibmlkIjoiVXkzV0k5V09QRFZnMDQiLCJpYXQiOjE3MjkyNDEzMjMsImlzcyI6Imh0dHBzOi8vc2xpdGUuY29tIiwianRpIjoiTGhKMmR4dlM5NzYxSHgiLCJleHAiOjE3MzE4MzMzMjN9.tmbH1cVBMfTD5yCyHvOhbgthDDfXWcoMFCTCe8UkIuo
    .3In "Description", enter something you'll remember, e.g. the name of your Slite workspace.
    .4In "Expires", the default is "180 days". This is shorter than most SSO providers, and we recommend a higher value. After this expiry, you'll be locked out of your Slite account until you manually update your client secret.

    .5Copy the "Value" of your new client secret. (Not its Secret ID.) You need to copy this now, and make a note of it, because Azure makes this value unavailable except immediately after creation. If you do not copy this value now, you will need to create a new client secret.

Step four: Configure your OpenID authentication on Slite

    .1Click your team avatar in the left sidebar, and click "Team settings".
    .2Click the "Security" tab in the left sidebar.
    .3Next to "SSO authentication enforcement", click "Expand".
    .4Next to "OpenID authentication", click "Configure". You should now see this form:

https://slite.com/api/files/cbObXrnOqoMJBg/CleanShot+2020-09-04+at+11.57.56%25402x.png?apiToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IjIwMjMtMDUtMDQifQ.eyJzY29wZSI6Im5vdGUtZXhwb3J0IiwibmlkIjoiVXkzV0k5V09QRFZnMDQiLCJpYXQiOjE3MjkyNDEzMjMsImlzcyI6Imh0dHBzOi8vc2xpdGUuY29tIiwianRpIjoiTGhKMmR4dlM5NzYxSHgiLCJleHAiOjE3MzE4MzMzMjN9.tmbH1cVBMfTD5yCyHvOhbgthDDfXWcoMFCTCe8UkIuo
    .5In "Provider name", enter the name you wish to display on your Slite login page. (This is not used as part of the technical auth process.)
    .6In "Provider URL", enter https://login.microsoftonline.com/TENANT-ID/v2.0, replacing TENANT-ID with the Tenant ID that you noted down earlier.
    .7Under "Client ID", enter the Client ID that you noted down earlier.
    .8Under "Client secret", enter the Client secret that you noted down earlier.
    .9Click "Validate and save". It should redirect you to Azure Active Directory's authentication portal.
    .10Identify yourself, click "Consent on behalf of your organisation", and click Accept. You should be redirected to Slite.
    .11The SSO configuration process is over. Validate that your SSO login works.