Setup Guide: Microsoft Azure AD (Entra ID)
Overview
To setup and configure the Procore-Initiated SSO solution with Microsoft Azure Active Directory (Azure AD).
Preparation Phase
To prepare for the integration, complete these steps:
- Send a request to your company's Procore point of contact to discuss your company's specific SSO requirements and goals.
- Ensure that you or a user in your IT organization has an active account with Global Administrator rights to Azure AD.
- In Azure AD, select and assign users to create an SSO group that contains the users who will be using your Procore-Initiated SSO solution. For instructions, see Microsoft's Azure Active Directory Documentation.
Integration Phase
To complete the integration, complete these steps:
- Complete the required configuration steps. See Configure Procore SP-Initiated SSO for Microsoft Azure AD.
- Notify your company's Procore point of contact that the configuration is complete.
Note: Your Procore point of contact or Procore Support must add the email domain(s) that will be targeted for login via SSO to Procore's Admin tool before you can enable Single Sign-On. - Log in to Procore. See Log into Procore Using SP-Initiated Azure AD.
Management Phase
Once the integration has been completed, the following should be considered:
- Users with login credentials that contain the email domain(s) that are targeted for login via SSO will be required to log in to Procore using the credentials for their Azure AD account.
Note: The log in process is supported by Procore Web, Procore for Android, and Procore for iOS. - Passwords and password policies are managed in your company's Azure AD account.
Note: If your company will be providing Procore access to end users whose login credentials do NOT contain a targeted email domain, those users will sign in using the login credentials in their Procore user profile.