Entra ID & Single Sign-On

AlignSure uses Microsoft Entra ID as its sole identity provider. All users authenticate through your organization’s existing Microsoft tenant.

  • Microsoft 365 tenant with Entra ID (any tier)
  • Account with Global Administrator or Application Administrator role
  • Users must have active Microsoft 365 licenses

During initial setup, an administrator signs in and grants consent for AlignSure to read directory information. This registers AlignSure as an enterprise application in your tenant.

After authorization, verify the permissions in your Azure portal:

Azure Portal → Enterprise Applications → AlignSure → Permissions

| Permission | Scope | Reason |
|---|---|---|
| User.Read | Delegated | Read the signed-in user’s profile |
| Directory.Read.All | Application | Read directory for role mapping |
| TeamworkTag.Read.All | Application | Read Teams tags for group mapping |
| Calendars.Read | Delegated | Read calendar for compliance scheduling |
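
The portal check above can also be run as a drift audit over exported grant data. The following is an added example, not AlignSure's or Microsoft's own code: it compares delegated and application grants against the table and reports anything missing or extra, such as Calendars.Read granted as an application permission. The input fields (scope, appRoleId, id, value) follow Microsoft Graph's oauth2PermissionGrant, appRoleAssignment and appRole objects; the sample records and IDs are constructed placeholders.

```python
# Permissions documented in the table above: name -> grant type.
EXPECTED = {
    "User.Read": "Delegated",
    "Directory.Read.All": "Application",
    "TeamworkTag.Read.All": "Application",
    "Calendars.Read": "Delegated",
}

# Constructed sample input with placeholder IDs (not real tenant data).
SAMPLE_OAUTH2_GRANTS = [
    {"consentType": "AllPrincipals", "scope": "User.Read Calendars.Read"},
]
SAMPLE_APP_ROLES = [
    {"id": "00000000-0000-0000-0000-000000000001", "value": "Directory.Read.All"},
    {"id": "00000000-0000-0000-0000-000000000002", "value": "TeamworkTag.Read.All"},
    {"id": "00000000-0000-0000-0000-000000000003", "value": "Calendars.Read"},
]
# Drift: Calendars.Read is also granted as an application permission.
SAMPLE_APP_ROLE_ASSIGNMENTS = [{"appRoleId": r["id"]} for r in SAMPLE_APP_ROLES]


def granted_permissions(oauth2_grants, app_role_assignments, resource_app_roles):
    """Flatten grant objects into a set of (permission, type) pairs."""
    granted = set()
    # Delegated grants carry a space-separated 'scope' string.
    for grant in oauth2_grants:
        for scope in grant.get("scope", "").split():
            granted.add((scope, "Delegated"))
    # Application grants reference an appRoleId; resolve it to its name.
    names = {role["id"]: role["value"] for role in resource_app_roles}
    for assignment in app_role_assignments:
        role_id = assignment["appRoleId"]
        granted.add((names.get(role_id, f"unknown:{role_id}"), "Application"))
    return granted


def audit(granted, expected=EXPECTED):
    """Return documented permissions that are missing and grants that are extra."""
    expected_pairs = set(expected.items())
    return {
        "missing": sorted(expected_pairs - granted),
        "unexpected": sorted(granted - expected_pairs),
    }


if __name__ == "__main__":
    print(audit(granted_permissions(
        SAMPLE_OAUTH2_GRANTS, SAMPLE_APP_ROLE_ASSIGNMENTS, SAMPLE_APP_ROLES)))
```

An entry under "unexpected" with type Application deserves the closest look, because application permissions apply tenant-wide rather than to the signed-in user only.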

If your organization uses Conditional Access policies, AlignSure will respect them. Common configurations:

  • Require MFA — AlignSure sessions will require MFA if your policy mandates it
  • Named locations — Restrict AlignSure access to corporate networks
  • Device compliance — Require managed devices for AlignSure access

No special Conditional Access configuration is needed for AlignSure. It operates as a standard enterprise application.

By default, all users in your tenant can sign in to AlignSure. To restrict access:

Azure Portal → Enterprise Applications → AlignSure → Properties → Assignment Required = Yes

Then assign specific users or groups under the Users and Groups tab.

  • Sessions use OAuth 2.0 tokens issued by your Entra ID tenant
  • Token lifetimes follow your tenant’s token lifetime policies
  • Session revocation through Entra ID is respected immediately
  • No persistent sessions are stored client-side beyond standard browser cookies

| Symptom | Likely Cause |
|---|---|
| “AADSTS65001” error | Admin consent not granted — re-run authorization |
| Users cannot sign in | Assignment required is enabled but user not assigned |
| MFA prompt not appearing | Check Conditional Access policy scope includes AlignSure |
| “AADSTS50011” redirect error | Reply URL mismatch — contact AlignSure support |