What happens when I toggle SSO on in user portal (Enable Azure AD SSO and/or Enable SAML SSO)?

When you enable either of the SSO toggles, you will be required to log in once immediately. Only after that initial login succeeds is SSO enabled for the entire account. We set it up this way to prevent users from being locked out.


When you use the Quick Method (Enable Azure AD SSO), the software associates your account with our Azure AD App Registration. This technique uses OpenID Connect (OIDC) to federate any logins within your account with your own Azure Active Directory. When your administrator first logs in, a new enterprise application using the OIDC setup is associated in your Azure AD (you will be able to see it under Enterprise applications in the Azure portal). Whenever a user tries to log into our software or our portal with an email that is registered against your account, the login is forwarded to the Microsoft login page, and upon successful login Microsoft confirms to our system that the login was valid.
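The two behaviours above (the toggle stays pending until one real login succeeds, and the returned login is checked against the account before it is trusted) as an added illustration in Python. This is example code, not the portal's own implementation; the tenant id, client id and registered domain are placeholders, and the token's signature is assumed to have been verified before these claim checks run.

```python
import time

def new_account():
    """Constructed account record: tenant, app registration and registered email domains."""
    return {
        "tenant_id": "00000000-0000-0000-0000-000000000001",  # placeholder tenant id
        "client_id": "portal-app-registration",               # placeholder audience
        "domains": {"example.com"},                           # emails registered to the account
        "azure_sso": "off",                                   # off | pending | enabled
    }

def request_enable_azure_sso(account):
    """Flip the toggle: nothing changes for other users until a login succeeds."""
    if account["azure_sso"] == "off":
        account["azure_sso"] = "pending"
    return account["azure_sso"]

def validate_id_token_claims(claims, account, now=None):
    """Check that the ID token belongs to this account's tenant, was issued for our
    app, has not expired and names a user from a registered domain."""
    now = time.time() if now is None else now
    # Azure AD v2.0 issuer format; assumption for this example
    expected_iss = f"https://login.microsoftonline.com/{account['tenant_id']}/v2.0"
    if claims.get("iss") != expected_iss:
        return False, "issuer is not the account's tenant"
    if claims.get("aud") != account["client_id"]:
        return False, "token was issued for a different application"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    email = claims.get("preferred_username", "")
    if email.rsplit("@", 1)[-1].lower() not in account["domains"]:
        return False, "email domain is not registered to this account"
    return True, "ok"

def complete_initial_login(account, claims, now=None):
    """Only a validated login promotes the toggle from pending to enabled."""
    ok, reason = validate_id_token_claims(claims, account, now)
    if ok and account["azure_sso"] == "pending":
        account["azure_sso"] = "enabled"
    return ok, reason, account["azure_sso"]
```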


This SSO setup is completely independent of the SAML setup and will not change the SAML settings.


If you choose the next option, SAML SSO, a few more steps are required to configure it. You will have to create a new SAML enterprise app in your Azure AD and configure various settings in Azure and the Portal to link your account to that enterprise app. Once complete, the real benefit is the ability to enable user provisioning, so that you can synchronize users between the Transoft Portal and your Azure AD account via groups. This helps you delegate permissions and handle offboarding and account changes.