SSO · Azure AD Instance

To setup a specific Azure AD Instance we will need the following

  • Application (client) ID
  • Directory (tenant) ID
  • OpenID Connect metadata document
  • Application (client) Secret Value


  1. Register application
  2. Configure authentication
  3. Generate application secret
  4. Configure branding

1. Register Application

From “All Services” select “All” then scroll to “Azure Active Directory”

Under “App registrations” select “New registration.”

Fill out a new registration for KPA EHS.

  • Name: KPA EHS
  • Redirect URI:

Copy the following details

  • Application (client) ID
  • Directory (tenant) ID
  • OpenID Connect metadata document

2. Configure authentication


  • “ID tokens” ✅

API permissions

  • “Grant admin consent” ✅
    • If this is not enabled then any user can deny consent and be unable to sign-in.

3. Generate Application secret

Certificates & Secrets

  • Select “New client secret”
  • Description: KPA EHS
  • Expires: 24 months
    • Ideally, this would be the maximum allowed. SSO will stop working once this expires.
  • Copy the Value column to use for our Application (client) Secret Value
    • The Secret ID column is for your own reference.

4. Configure branding


The app registration should be complete.

With this we can enable SSO. We can also setup a staging site for testing SSO without interfering with normal site operations.

Contact support if you have any questions.

KPA EHS in 60 Seconds

Watch this quick overview of the KPA EHS system.

10 Minute Walk-through

Watch this walk-through of the KPA EHS system.