Overview
Configure Azure Active Directory (Microsoft Entra ID) as an OAuth provider for your env zero organization. This integration enables authentication through Microsoft Entra ID and supports automatic team syncing based on Azure AD groups.
Prerequisites
Edit Organization Settings permission is required to configure SSO.
Setup Steps
Register Application in Microsoft Entra ID
Register an application in the Microsoft identity platform. In platform settings, select Web and add a Redirect URI:
https://login.app.env0.com/login/callback
Create Client Secret
Create a Client Secret and note the value. Copy the Application (client) ID and Client Secret Value for the next step.
Multitenant Microsoft Entra ID
If you are in a multitenant environment, under Authentication / Supported account types, select "Accounts in any organizational directory (Any Azure AD directory - Multitenant)".
Enabling Access
If users have trouble accessing the App Registration, grant admin consent:
Navigate to API Permissions
Go to Manage > API Permissions or Security > Permissions in your Azure AD application.

Teams Syncing
Teams are synced each time a user logs in:
- env zero creates a new team if one doesn't exist based on the group name from the OAuth provider.
- If the team exists in env zero, we will not create a new team.
- Users are assigned to all teams in env zero based on the group names they belong to in the OAuth provider.
- If a user is removed from a group in the OAuth provider, they are removed from the team in env zero.
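
The four sync rules above, modeled as a small Python sketch for reasoning about access reviews. This is an added example, not env zero's code: `Org`, `sync_on_login` and `demo` are hypothetical names, the sample users and groups are constructed, and the sketch assumes every team is managed by group sync. Because syncing happens at login, it models a group removal as taking effect at the user's next login.

```python
from dataclasses import dataclass, field


@dataclass
class Org:
    """Hypothetical in-memory model: team name -> set of member user names."""
    teams: dict[str, set[str]] = field(default_factory=dict)


def sync_on_login(org: Org, user: str, idp_groups: set[str]) -> dict[str, list[str]]:
    """Apply the sync rules for one login and report what changed."""
    # Rules 1 and 2: create a team only when no team with that group name exists.
    created = sorted(g for g in idp_groups if g not in org.teams)
    for name in created:
        org.teams[name] = set()

    joined, left = [], []
    for name, members in sorted(org.teams.items()):
        if name in idp_groups and user not in members:
            members.add(user)        # Rule 3: member of every team named in the claim
            joined.append(name)
        elif name not in idp_groups and user in members:
            members.discard(user)    # Rule 4: dropped from teams no longer in the claim
            left.append(name)
    return {"created": created, "joined": joined, "left": left}


def demo():
    """Two logins for a constructed user, with a group removal in between."""
    org = Org(teams={"platform": {"bob"}})  # constructed starting state
    first = sync_on_login(org, "alice", {"platform", "security"})
    # The identity provider removes alice from "security" here. Nothing in
    # the modeled org changes until she logs in again.
    stale = "alice" in org.teams["security"]
    second = sync_on_login(org, "alice", {"platform"})
    return first, stale, second, org


if __name__ == "__main__":
    first, stale, second, org = demo()
    print("first login :", first)
    print("membership still present before next login:", stale)
    print("second login:", second)
```
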