Azure AD Single Sign-On
With Azure AD SSO enabled, your employees sign in to Ditio using the Microsoft account they already have — no separate Ditio password to manage, and access follows your directory’s own security policies (MFA, conditional access, offboarding). Setup is a one-time app registration in your Azure tenant plus a short configuration step on Ditio’s side.
Prerequisites
- Access to your organization’s Azure Portal with permission to create app registrations
- Your six-digit Ditio company ID (e.g. 012345) — contact support@ditio.no if you’re unsure
Setup steps
1. Register an application in Azure
- Sign in to the Azure Portal and make sure you are in the correct directory
- Go to Microsoft Entra ID (Azure Active Directory) → App registrations
- Click New registration
- Fill in:
  - Name: choose a name (e.g. “Ditio SSO”)
  - Redirect URI: https://identity.ditio.app
2. Send credentials to Ditio
From the Overview tab, copy the following values and send them to support@ditio.no:
- Application (client) ID
- Directory (tenant) ID
3. Configure redirect URIs
Go to Authentication in the left menu and add all of the following redirect URIs. Replace {ditio_companyId} with your six-digit Ditio company ID.
Production URIs:
- https://identity.ditio.app
- https://identity.ditio.app/signin-aad-{ditio_companyId}
- https://identity.ditio.app/signout-aad-{ditio_companyId}
- https://identity.ditio.app/signout-callback-aad-{ditio_companyId}
Test environment URIs:
- https://identity.ditio.dev
- https://identity.ditio.dev/signin-aad-{ditio_companyId}
- https://identity.ditio.dev/signout-aad-{ditio_companyId}
- https://identity.ditio.dev/signout-callback-aad-{ditio_companyId}
4. Enable ID tokens
Under the Authentication settings, check ID tokens under “Implicit grant and hybrid flows”.
5. Ditio activates SSO
Once Ditio support has your Application (client) ID and Directory (tenant) ID, we configure SSO for your company and confirm when it’s ready to test.
Common issues
| Issue | Cause | Fix |
|---|---|---|
| Redirect error after Microsoft login | A redirect URI is missing or has a typo | Compare the Authentication tab against the list above — every URI must match exactly, including your company ID |
| Sign-in works in production but not test | Test URIs not added | Add the four identity.ditio.dev URIs |
| “ID token missing” style errors | ID tokens not enabled | Check ID tokens under Implicit grant and hybrid flows |
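
The comparison the table asks for can be scripted. The following is an added example, not Ditio's own tooling: it builds the URIs from step 3 for a company ID and checks them, plus the ID token setting from step 4, against an app registration exported as JSON. It assumes the Microsoft Graph application shape (`web.redirectUris`, `web.implicitGrantSettings.enableIdTokenIssuance`), for instance the output of `az ad app show`; the function names are hypothetical and the sample registration is constructed.

```python
"""Check an Entra ID app registration against the redirect URIs Ditio SSO needs."""
import json
import re

HOSTS = {"production": "https://identity.ditio.app", "test": "https://identity.ditio.dev"}
PATHS = ("", "/signin-aad-{id}", "/signout-aad-{id}", "/signout-callback-aad-{id}")


def expected_uris(company_id, environments=("production", "test")):
    """Return the redirect URIs listed in step 3 for a six-digit company ID."""
    if not re.fullmatch(r"\d{6}", company_id):
        raise ValueError("company ID must be exactly six digits (keep leading zeros)")
    return [HOSTS[env] + p.format(id=company_id) for env in environments for p in PATHS]


def audit(app, company_id, environments=("production", "test")):
    """Compare an application object (assumed Microsoft Graph JSON shape) with the guide."""
    web = app.get("web") or {}
    configured = set(web.get("redirectUris") or [])
    expected = expected_uris(company_id, environments)
    missing = [u for u in expected if u not in configured]  # exact string match
    # Near misses: equal once case and a trailing slash are ignored, so likely a typo.
    norm = lambda u: u.rstrip("/").lower()
    near = sorted(c for c in configured - set(expected)
                  if norm(c) in {norm(m) for m in missing})
    # Anything else registered is outside this guide and worth a manual review.
    extra = sorted(configured - set(expected) - set(near))
    grants = web.get("implicitGrantSettings") or {}
    return {"missing": missing, "near_miss": near, "unexpected": extra,
            "id_tokens_enabled": bool(grants.get("enableIdTokenIssuance"))}


# Constructed sample: trimmed application JSON with two mistakes and ID tokens off.
SAMPLE_APP = json.loads("""
{"web": {"redirectUris": [
    "https://identity.ditio.app",
    "https://identity.ditio.app/signin-aad-012345/",
    "https://identity.ditio.app/signout-aad-012345",
    "https://identity.ditio.app/signout-callback-aad-12345"],
  "implicitGrantSettings": {"enableIdTokenIssuance": false}}}
""")

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_APP, "012345", ("production",)), indent=2))
```

In the sample, the trailing slash is reported as a near miss and the URI with the dropped leading zero as unexpected; both leave the correct URI in the missing list.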
Related
- SCIM User Provisioning — automatically create and deactivate the accounts users sign in to
- Authentication — API authentication (machine-to-machine, separate from user SSO)
- Questions? Contact support@ditio.no with your Application (client) ID and Directory (tenant) ID