Azure AD Single Sign-On

With Azure AD SSO enabled, your employees sign in to Ditio using the Microsoft account they already have — no separate Ditio password to manage, and access follows your directory’s own security policies (MFA, conditional access, offboarding). Setup is a one-time app registration in your Azure tenant plus a short configuration step on Ditio’s side.

  • Access to your organization’s Azure Portal with permission to create app registrations
  • Your six-digit Ditio company ID (e.g. 012345) — contact support@ditio.no if you’re unsure

  1. Sign in to the Azure Portal and make sure you are in the correct directory
  2. Go to Microsoft Entra ID (Azure Active Directory) → App registrations
  3. Click New registration
  4. Fill in:
    • Name: choose a name (e.g. “Ditio SSO”)
    • Redirect URI: https://identity.ditio.app

From the Overview tab, copy the following values and send them to support@ditio.no:

  • Application (client) ID
  • Directory (tenant) ID

Go to Authentication in the left menu and add all of the following redirect URIs. Replace {ditio_companyId} with your six-digit Ditio company ID.

Production URIs:

https://identity.ditio.app
https://identity.ditio.app/signin-aad-{ditio_companyId}
https://identity.ditio.app/signout-aad-{ditio_companyId}
https://identity.ditio.app/signout-callback-aad-{ditio_companyId}

Test environment URIs:

https://identity.ditio.dev
https://identity.ditio.dev/signin-aad-{ditio_companyId}
https://identity.ditio.dev/signout-aad-{ditio_companyId}
https://identity.ditio.dev/signout-callback-aad-{ditio_companyId}

Under the Authentication settings, check ID tokens under “Implicit grant and hybrid flows”.

Once Ditio support has your Application (client) ID and Directory (tenant) ID, we configure SSO for your company and confirm when it’s ready to test.

| Issue | Cause | Fix |
| --- | --- | --- |
| Redirect error after Microsoft login | A redirect URI is missing or has a typo | Compare the Authentication tab against the list above — every URI must match exactly, including your company ID |
| Sign-in works in production but not test | Test URIs not added | Add the four identity.ditio.dev URIs |
| “ID token missing” style errors | ID tokens not enabled | Check ID tokens under Implicit grant and hybrid flows |

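
One way to check an app registration against the URI lists and the ID token setting above before contacting support. This is an added example, not Ditio's or Microsoft's tooling. It assumes the registration was exported as JSON (for instance with `az ad app show --id <client-id>`) and that the URIs were added under the Web platform; the function names and the sample registration are constructed for illustration.

```python
import json
import re

HOSTS = ("https://identity.ditio.app", "https://identity.ditio.dev")
PATHS = ("", "/signin-aad-{cid}", "/signout-aad-{cid}", "/signout-callback-aad-{cid}")


def expected_uris(company_id):
    """Build the eight redirect URIs from the lists above for one company ID."""
    if not re.fullmatch(r"\d{6}", company_id):
        raise ValueError("company ID must be exactly six digits (keep leading zeros)")
    return {host + path.format(cid=company_id) for host in HOSTS for path in PATHS}


def audit_registration(app, company_id):
    """Compare an exported app registration object against this page's settings."""
    web = app.get("web") or {}
    registered = set(web.get("redirectUris") or [])
    expected = expected_uris(company_id)
    implicit = web.get("implicitGrantSettings") or {}
    return {
        "missing": sorted(expected - registered),
        # Exact string comparison: a trailing slash or a wrong company ID lands here.
        # Extra redirect URIs are also worth reviewing and removing if unused.
        "unexpected": sorted(registered - expected),
        "id_tokens_enabled": bool(implicit.get("enableIdTokenIssuance")),
    }


# Constructed sample (assumption: Web platform, company ID 012345).
SAMPLE = json.loads("""
{
  "web": {
    "redirectUris": [
      "https://identity.ditio.app",
      "https://identity.ditio.app/signin-aad-012345",
      "https://identity.ditio.app/signout-aad-012345",
      "https://identity.ditio.app/signout-callback-aad-12345",
      "https://identity.ditio.dev/"
    ],
    "implicitGrantSettings": {"enableIdTokenIssuance": false}
  }
}
""")

if __name__ == "__main__":
    print(json.dumps(audit_registration(SAMPLE, "012345"), indent=2))
```

A clean registration returns empty `missing` and `unexpected` lists and `id_tokens_enabled` set to true.
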
  • SCIM User Provisioning — automatically create and deactivate the accounts users sign in to
  • Authentication — API authentication (machine-to-machine, separate from user SSO)
  • Questions? Contact support@ditio.no with your Application (client) ID and Directory (tenant) ID