Enable Single Sign-On (SSO)

  • Updated on Jan 12, 2026
  • Published on Apr 24, 2025
  • 1 minute(s) read
Prev Next

Single Sign-On (SSO) must be enabled before a connection with an SSO provider can be configured. Single Sign-On is enabled from the Single Sign-On page.

Before SSO can be enabled, all R365 users must have unique email addresses. If duplicate email addresses are found, the users are listed for review and resolution.

Once SSO is enabled, unique email addresses are permanently enforced. Enabling SSO does not change the user login experience until a connection with an SSO provider is successfully configured. Learn more about connecting to Okta or Microsoft Entra (Azure).

Security

Users must have the following permission to enable SSO:

  • Administration → Single Sign-On (SSO) → Create/Edit Single Sign-On

These permissions can be added to custom user roles or individual users. The Permission Access report can be used to determine which user roles or users already have these permissions assigned. For more information, see User Setup and Security.

Enable Single Sign-On

To enable single sign-on, follow these steps:

Click steps to expand for additional information and images.

1) Navigate to the Single Sign-On (SSO) page.

2) Click Get Started.

If no duplicate email addresses are found, Single Sign-On (SSO) is enabled and the Single Sign-On page opens. Enabling SSO does not change the user login experience until a connection with an SSO provider is successfully configured. Learn more about connecting to Okta or Microsoft Entra (Azure).

If duplicate email addresses are found, the SSO Duplicate Email Review screen opens. Duplicate email addresses must be resolved before SSO can be enabled. Follow these additional steps to resolve duplicate email addresses:

3) Click the full name of a user whose email address needs to be changed. Their user record will open.

4) Enter a unique email address for the user.

5) Click Save on the user record.

6) Return to the Single Sign-On page, then click Update to refresh the list.

7) If duplicates remain, repeat steps 4 - 6 until no duplicate emails are found.

If no duplicate email addresses are found, Single Sign-On (SSO) is enabled and the Single Sign-On page opens.

Enabling SSO does not change the user login experience until a connection with an SSO provider is successfully configured. Learn more about connecting to Okta or Microsoft Entra (Azure)