By enabling Microsoft SSO, admin users can use their Microsoft credentials to log in to OpenApply. They must be already exist in OpenApply with a matching email address for successful login.
SSO Feature
Enable it at Settings > Integrations > Microsoft Entra Identity Integration and add your credentials here. Please note that only admin user can log in with Microsoft account. No other user types supported at this time.
Configuration on Microsoft Entra
The configuration needs to be applied by the admin user of the Microsoft Entra system. They need to perform the following actions:
- Set the redirect url in their Microsoft application registration, depending on region:
- https://[school-subdomain].openapply.com/auth/entra_id/callback
- https://[school-subdomain].openapply.cn/auth/entra_id/callback
- https://[school-subdomain].openapply.eu/auth/entra_id/callback
- Account Type setting:
- Multitenant: Accounts in any organizational directory
- Grant admin consent for the following Microsoft Graph APIs:
- Group.Read.All
- openid
- profile
- User.Read
Please review the following screenshots for verification:
Group Allow feature
By enabling groups, you can instruct OpenApply to only allow certain groups to successfully login with their Microsoft credentials. The group IDs need to be fetched from the Microsoft admin platform. For validation, the name cannot be empty string or blank. The description can be optional or blank.