Azure Active Directory
This document describes how to set up Single Sign-On (SSO) for Orkestra on systems that use Azure for identity and access management.

Azure AD setup

To enable SSO, you must first complete the setup in Microsoft Azure AD.

Register the App

1. In the Microsoft Azure portal, navigate to the "Azure Active Directory" service.
2. Select "App registrations".
3. Select "New registration".
4. Enter the following details:
5. Create a new client secret.
6. Go to API Permissions => Add a permission.
   6.1. Select Microsoft Graph => Application permissions.
   6.2. Add the permissions below, then click "Grant admin consent for Orkestra":

Make sure that these permissions are granted for Orkestra.
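
To confirm the registration before its values are entered in Orkestra, the following added example (not part of the Orkestra documentation) requests an app-only Microsoft Graph token with the client secret and checks the tenant, application and granted application permissions it carries. The environment variable names are assumptions, and REQUIRED_PERMISSIONS must hold the comma-separated permission names from step 6.2.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def request_app_token(tenant_id, client_id, client_secret):
    """Client-credentials request for an app-only Microsoft Graph token."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    url = TOKEN_URL.format(tenant=urllib.parse.quote(tenant_id, safe=""))
    with urllib.request.urlopen(url, data=body, timeout=15) as resp:
        return json.load(resp)["access_token"]


def token_claims(token):
    """Decode the JWT payload for diagnostics only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_registration(token, tenant_id, client_id, required_permissions):
    """Return a list of problems; an empty list means the registration looks right."""
    claims = token_claims(token)
    problems = []
    if claims.get("tid") != tenant_id:
        problems.append("token issued by a different tenant")
    if claims.get("appid", claims.get("azp")) != client_id:
        problems.append("token issued to a different application")
    missing = sorted(set(required_permissions) - set(claims.get("roles", [])))
    if missing:
        problems.append("admin consent missing for: " + ", ".join(missing))
    return problems

if __name__ == "__main__":
    tid, cid = os.environ["AZ_TENANT_ID"], os.environ["AZ_CLIENT_ID"]  # hypothetical names
    required = os.environ["REQUIRED_PERMISSIONS"].split(",")  # names from step 6.2
    token = request_app_token(tid, cid, os.environ["AZ_CLIENT_SECRET"])
    print(check_registration(token, tid, cid, required) or "registration OK")
```

An HTTP error from the token endpoint points to a wrong tenant ID, client ID or secret, before any permission check is reached.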

Orkestra Admin setup

Open Orkestra with an admin account and go to the SSO console.
Enter the following details:
1. Organization Name: Your organization name (ex: Orkestra)
2. Tenant id: Go to your app registration overview => Directory (tenant) ID
3. Client id: Go to your app registration overview => Application (client) ID
4. Enterprise App Object Id: Go to Enterprise applications => orkestra => Overview => Object ID
5. App Secret: Paste the app secret you created previously
6. Admin Id: automatically filled
7. Add all domains you want to authorize (ex: orkestra.online)

Orkestra user sign on
