Single Sign-On (SSO) lets your organization sign in to GovEagle with your existing Azure Active Directory (Azure AD) accounts. Users use one set of credentials; no separate GovEagle password is required for SSO users.
Prerequisites
Azure AD admin access
GovEagle admin access and the ability to access the Single Sign-On tab in settings
Setup
The steps below will guide you through creating a new Azure AD app registration and adding the corresponding SSO provider details to GovEagle.
Create a new app registration in Azure AD
Go to Azure Portal > App registrations > New registration to create a new app, and give it a name (e.g. “GovEagle SSO”).
Under Redirect URI, select Web and enter the value:
https://idp.goveagle.com/auth/callback
From Authentication > Implicit grant and hybrid flows, check both Access tokens and ID tokens
From API permissions > Add a permission > Microsoft Graph > Delegated permissions, add and save these permissions:
All OpenID permissions (email, offline_access, openid, profile)
User.Read
From the API permissions page, select Grant admin consent

Create a new SSO Provider in GovEagle
Make sure to have browser windows open to both your Azure AD app registration and GovEagle’s Add SSO Provider form (Settings > Single Sign-On > Add Provider) so that you can copy values from Azure AD into GovEagle.

From Azure AD’s app registration Overview page, copy the Application (client) ID value and enter it into GovEagle’s Client ID field.

Also from Azure AD’s Overview page, copy the Directory (tenant) ID value and enter it into GovEagle’s Tenant ID field.

Create a new client secret in Azure AD from Certificates & secrets > New client secret. Copy the secret value and enter it into GovEagle’s Client Secret Value field.

From Endpoints in the app overview, copy the OpenID Connect metadata document URL and enter it into GovEagle’s OpenID Connect Metadata URL field.

In GovEagle’s Add SSO Provider form, select which email domains are associated with this SSO provider.
Select Add Provider to save.
After following the steps above, users in your Azure AD tenant can sign in to GovEagle via SSO. Your Azure AD configuration controls which users can use this app.
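The four values copied from Azure AD in the steps above can be checked against each other before they are saved. The Python function below is an added example, not GovEagle's or Microsoft's code: it flags a metadata URL that points at a shared or different tenant, and a client secret field that holds the Secret ID instead of the secret value. The function name, the accepted sign-in hosts and all sample identifiers are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
SHARED = {"common", "organizations", "consumers"}  # multi-tenant aliases, not one directory
SUFFIX = "/.well-known/openid-configuration"
# Assumption: Azure public and Azure Government sign-in hosts
HOSTS = ("login.microsoftonline.com", "login.microsoftonline.us")

def check_provider_values(client_id, tenant_id, client_secret, metadata_url, metadata=None):
    """Return a list of problems found; an empty list means the values agree."""
    problems = []
    for name, value in (("Client ID", client_id), ("Tenant ID", tenant_id)):
        if not GUID.fullmatch(value.strip()):
            problems.append(f"{name} is not a GUID")
    # Azure AD lists a GUID "Secret ID" next to the secret "Value"; only the Value works
    if GUID.fullmatch(client_secret.strip()):
        problems.append("Client Secret Value looks like the Secret ID, not the Value")
    url = urlparse(metadata_url.strip())
    if url.scheme != "https" or url.hostname not in HOSTS:
        problems.append("metadata URL is not an https Azure AD sign-in endpoint")
    if not url.path.endswith(SUFFIX):
        problems.append("metadata URL does not end in " + SUFFIX)
    # The first path segment names the directory the metadata document belongs to
    segment = url.path.strip("/").split("/")[0].lower()
    if segment in SHARED:
        problems.append(f"metadata URL uses the shared '{segment}' endpoint")
    elif segment != tenant_id.strip().lower():
        problems.append("metadata URL tenant does not match Tenant ID")
    # Optional: the parsed metadata document's issuer should name the same tenant
    if metadata is not None and tenant_id.strip().lower() not in metadata.get("issuer", "").lower():
        problems.append("metadata issuer does not contain Tenant ID")
    return problems

# Constructed sample values (not real identifiers)
TENANT = "11111111-2222-3333-4444-555555555555"
CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SECRET = "constructed-secret-value"
GOOD_URL = f"https://login.microsoftonline.com/{TENANT}/v2.0{SUFFIX}"
GOOD_DOC = {"issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0"}

if __name__ == "__main__":
    print(check_provider_values(CLIENT, TENANT, SECRET, GOOD_URL, GOOD_DOC))
    bad_url = f"https://login.microsoftonline.com/common/v2.0{SUFFIX}"
    print(check_provider_values(CLIENT, TENANT, CLIENT, bad_url))
```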
Changing a user’s sign-in method
Once SSO is enabled, admins with the ability to manage users can change a user’s sign-in method from password to SSO and vice versa.
