Microsoft Azure single sign-on
Enabling Microsoft Azure Single Sign-On in SOS List will replace the default login with Microsoft. It is recommended to keep a window open to Azure and SOS List simultaneously for this process.
In SOS List, go to SOS Settings > Network to see your SOS Address. This should be the domain you are using or an IP address.

Log in to portal.azure.com and go to Microsoft Entra ID.

Go to App Registrations and click + New Registration.

- Name the registration Kolkin SOS/SOS List or use your own naming convention.
- Under redirect URI, choose Web and input https:// + SOS Address + /azure then click Register.
  Example: https://example.com/azure

This makes the app registration and creates a Client ID that SOS will use.

- In SOS List, go to SOS Settings > SSO+EHR and choose Azure AD as your SSO Provider.
- Copy & paste your Tenant ID & Client ID into the fields and click Save.

Scroll down to Public Certificate and click Generate. Download your public certificate, which will be named kolkin-sos-azure.pem.

In Azure, go to App Registrations > Kolkin SOS > Certificates & secrets.
Navigate to the Certificates tab then upload kolkin-sos-azure.pem.

Next, go to API permissions and click Grant admin consent for … which allows SOS to read user permissions to authenticate users.

To restrict access to SOS to only a subset of your organization’s users:
Start from Entra ID Overview and go to Enterprise Applications > Kolkin SOS > Properties.
In Properties, switch Assignment Required to “Yes” then Save the changes.

To assign users or groups to the application, find Users and groups under Manage and click + Add user/group.

After the Public Certificate is uploaded to Azure and User Groups are assigned, Azure is configured to authenticate users for SOS.
Go back to SOS and check the Enable Active Directory box under Activate SSO.
This will force all users to sign in with an approved Microsoft account.

Test your integration by going to your SOS Address. You should be redirected to Microsoft and either see a login screen or be signed in automatically if you’re already logged in to Microsoft.
Azure Single Sign-on Maintenance & Notes:
- You can still reach the SOS sign-in page by going to /signin but only the Owner account can sign in with a password. All other accounts need to sign in with an approved Microsoft account.
- The Public Certificate from SOS expires after 12 months and needs to be replaced each year.
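
A pre-expiry check for the kolkin-sos-azure.pem certificate described above, as an added example that is not part of SOS or of this guide's original text. It assumes the openssl CLI is installed; the 30-day warning window and the function names are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: rotation check for the SOS public certificate uploaded to Azure.
# Stand-alone use: sh check-sos-cert.sh kolkin-sos-azure.pem [warn_days]

# Print the certificate's notAfter date as openssl reports it.
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# Print the SHA-1 fingerprint as hex without colons. Assumption: this is the
# form of the thumbprint Azure lists for the certificate after upload, so the
# two can be compared to confirm Azure holds the file SOS generated.
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2 | tr -d ':'
}

# Classify a certificate as ok, renew, expired or unreadable.
# $1 = PEM file, $2 = warning window in days (assumed default: 30).
cert_status() {
    # A file openssl cannot parse must not be reported as merely expired.
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo unreadable
        return 2
    fi
    # -checkend N exits non-zero when the cert expires within N seconds.
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo expired
    elif ! openssl x509 -in "$1" -noout \
            -checkend $(( ${2:-30} * 86400 )) >/dev/null; then
        echo renew
    else
        echo ok
    fi
}

# Runs only when a file is passed, so the functions can also be sourced.
if [ $# -gt 0 ]; then
    status=$(cert_status "$1" "${2:-30}")
    echo "status:     $status"
    [ "$status" = unreadable ] && exit 2
    echo "expires:    $(cert_not_after "$1")"
    echo "thumbprint: $(cert_thumbprint "$1")"
    [ "$status" = ok ]   # non-zero exit lets a scheduler raise an alert
fi
```

Run on a schedule against the downloaded file, a renew or expired result is the cue to generate a new certificate in SOS and upload it to Azure before Microsoft sign-in stops working for everyone except the Owner account.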