Introduction
You can integrate Microsoft Azure Active Directory with Keka using OIDC (OpenID Connect) to enable secure Single Sign-On (SSO) for your employees. This setup simplifies access and provides a seamless login experience through Microsoft credentials.
This guide walks you through configuring Microsoft SSO using your organization's custom Active Directory setup.
Table of Contents
- Set Up Microsoft Active Directory SSO
- Collect Azure credentials
- Generate client secret
- Complete setup in Keka
- Admin Consent (If Required)
Set Up Microsoft Active Directory SSO
Enable Microsoft SSO in Keka
Go to Global Settings > Integrations and Automations > Authentication in your Keka portal.
Enable the Microsoft Single Sign-on option.
Select Custom Active Directory OIDC.
Copy the Redirect URL shown; you will need it in Azure. (Save the credentials to ensure the URL remains unchanged. If the credentials are not saved, the URL will be altered.)
Register the Keka app in Microsoft Active Directory
Go to Enterprise Applications.
Click + New registration.
Enter an application name.
Under Supported account types, choose the appropriate access scope.
In the Redirect URI field, select Web and paste the Redirect URL copied from Keka.
Click Register.
Collect Azure credentials
After registration, copy the following from the app overview:
Tenant ID
Application (client) ID
Generate client secret
In the left menu, go to Certificates & Secrets.
Click + New client secret.
Add a description and set the expiry according to your company’s policies.
Click Add and copy the secret value shown.
Important: Copy and store the secret value securely. You won’t be able to retrieve it again after leaving the page.
Complete setup in Keka
Return to the Keka portal.
Paste the Tenant ID, Client ID, and Secret Key into their respective fields.
Click Update to save the settings.
Your Microsoft Active Directory SSO is now enabled for employee login.
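The following is an added example, not code from Keka or Microsoft. It sanity-checks the three values pasted into Keka and reports which client secrets on the app registration have expired or are close to expiry, since SSO logins stop working once the configured secret expires. It assumes the app registration is available as JSON in the shape of a Microsoft Graph application object (a `passwordCredentials` list with `displayName` and `endDateTime`); the function names and all sample values are constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample in the shape of a Microsoft Graph application object;
# every value below is made up for illustration.
SAMPLE_APP = json.loads("""
{
  "appId": "11111111-2222-3333-4444-555555555555",
  "passwordCredentials": [
    {"displayName": "keka-sso-2023", "endDateTime": "2024-01-15T00:00:00Z"},
    {"displayName": "keka-sso-2024", "endDateTime": "2024-03-01T00:00:00Z"},
    {"displayName": "keka-sso-2025", "endDateTime": "2025-06-30T00:00:00Z"}
  ]
}
""")


def check_values(tenant_id, client_id, secret):
    """Return a list of problems with the three values pasted into Keka."""
    problems = []
    if not GUID.match(tenant_id):
        problems.append("Tenant ID is not a GUID")
    if not GUID.match(client_id):
        problems.append("Application (client) ID is not a GUID")
    if GUID.match(secret):
        # The portal lists a GUID-shaped Secret ID next to the secret value.
        problems.append("secret looks like the Secret ID, not the secret value")
    return problems


def secret_status(app, now, warn_days=30):
    """Classify each client secret as expired, expiring or ok at time `now`."""
    report = []
    for cred in app.get("passwordCredentials", []):
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        days_left = (end - now).days
        state = "expired" if end <= now else "expiring" if days_left < warn_days else "ok"
        report.append((cred["displayName"], state, days_left))
    return report


if __name__ == "__main__":
    now = datetime(2024, 2, 10, tzinfo=timezone.utc)  # fixed so the output is reproducible
    for name, state, days in secret_status(SAMPLE_APP, now):
        print(f"{name}: {state} ({days} days)")
```

When a secret is reported as expiring, create a new one under Certificates & Secrets and update the Secret Key field in Keka before the old one lapses.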
Admin Consent (If Required)
In some organizations, Azure AD may require admin consent before users can log in. If your employees see a screen requesting admin approval, follow these steps:
Open the Enterprise App you created in Azure.
Go to the API Permissions section.
If the Admin consent required column shows Yes, click Grant admin consent for [Your Organization Name].
Once consent is granted, your employees should be able to log in via Azure AD.
Tip: Admin consent is a one-time setup step to allow your users to authenticate with this app.