Set up OIDC SSO for FacilityOS in Microsoft Entra ID

You can set up OpenID Connect (OIDC) single sign-on (SSO) for FacilityOS with Microsoft Entra ID.

About OIDC SSO for FacilityOS

OIDC SSO is recommended when you want a simpler setup than SAML. Instead of manually configuring SAML metadata, entity IDs, or reply URLs, a Microsoft Entra ID Global Administrator can approve the FacilityOS application when signing in to FacilityOS. Users can then sign in with their Microsoft accounts from the FacilityOS sign-in page.

Before you start

Make sure you have the following prerequisites:

• You have a Microsoft Entra user account with an active subscription. If you need to create an account, go to Microsoft Azure.
• Your Microsoft Entra user account must be a Global Administrator.
• You already exist in FacilityOS as a user.
• Your email address in Microsoft Entra and FacilityOS are the same.

Set up OIDC SSO with Microsoft Entra

1. Go to the FacilityOS sign-in page.
2. Click Sign in with Microsoft.
   
3. Sign in with your Microsoft Entra Global Administrator account.
4. When prompted, review the Microsoft consent request for the FacilityOS application. Accepting the request will allow FacilityOS to read basic profile information, such as names and emails.

5. Click Accept to approve the FacilityOS OIDC application. After approval, an application named "FacilityOS OIDC" is added to your organization’s Enterprise Applications in Microsoft Entra. 
   

   Tip:

   You can have user provisioning enabled for your account by contacting your Customer Success Manager. For more information, see Optional user provisioning via SSO.

Test OIDC SSO

After the FacilityOS application has been approved and added to Microsoft Entra, users can sign in using the "Sign in with Microsoft" option.

1. Go to the FacilityOS sign-in page.
2. Click Sign in with Microsoft.
3. Sign in with the user's Microsoft credentials to access FacilityOS.