Configuration of Single Sign On

Relevant for: Workspace administrators (see "User roles")

Configure Entra ID (formerly Azure AD)

Create a new Azure AD App registration in the Azure portal and name it “Applysia” for example
After you have created the app registration, navigate to the app registration overview page and locate the Application (client) ID. Save this ID, as you will need it later.
Click on “Add a certificate or secret” and create a new secret. Save the value of the secret for later.
From the registration overview page click on “Add a Redirect URI” and then on “Add a platform”. Create three platform with this values:

Create a platform of type “Web” and enter https://<YOUR_SUBDOMAIN>.applysia.app/auth/sso/openid_connect/callback as redirect URI. Replace <YOUR_SUBDOMAIN> with the workspace of your organization.
Create a platform of type iOS / macOS and enter de.applysia.app as Bundle ID.
Create a platform of type Single-page application and enter https://applysia.app/callback.html as redirect URI

In the app registration overview page, navigate to the API permissions section, and add the following delegated permissions:

In the app registration overview page, navigate to the Token configuration and click “Add optional claim”. Select “ID” as token type and add this claims:

You are a workspace administrator.
You completed the configuration in the Azure AD admin center. And obtained the following values:

Sign into Applysia and navigate to the workspace settings: https://<YOUR_SUBDOMAIN>.applysia.app/tenant/edit
Enable OpenID Connect
Enter a Name for your IdP provider e.g. “Entra ID” or “ACME Account”. Your users will see this on the login screen as an additional button with the Text “Login with <Your Directory (tenant) ID>”
As Issuer URL enter “https://login.microsoftonline.com/<Your Directory (tenant) ID>/v2.0”
Next enter the Client ID and Client Secret from the Azure AD admin center
Enter https://<YOUR_SUBDOMAIN>.applysia.app/auth/sso/openid_connect/callback as Redirect Url
Enter msauth.de.applysia.app://auth/ as Mobile Redirect Url
You can leave Mobile Client ID blank
If you want to automatically provide new user accounts when they login via Entra ID the first time, you can enable it here. User accounts that are automatically provisioned are automatically assigned the "Observer" role.
Finally enable the “Email verified override” option using the slider.

Related Articles
Single view files
You are on the homepage and you can see the files that are shared with you. Clicking on the preview of the desired file will open it in a single view. Please note that you can only open files that are shared with you. You cannot take a closer look at ...
Single View: Reports
Relevant for: Normal observers, lead observers, moderators (see "User roles") The "Reports" tab in the candidate single view is visible only if you are a moderator of the assessment. When you click on the “Reports” tab in the bottom line, you will ...
Single View: Notes
Relevant for: Normal observers, lead observers, moderators (see "User roles") When you click on "Notes" in the bottom row, you can view the candidate-specific notes. As a moderator, you can optionally view the notes from all observers for different ...
Single View: Rating
Relevant for: Normal observers, lead observers, moderators (see "User roles") To view the individual results of all candidates, click on the “Details Button” below the consolidated matrix (whether viewing the rating or the ranking) under the values ...
Observer interface login
Relevant for: Normal observers, lead observers, moderators (see "User roles") You have two options for using the Applysia observer interface: As a browser-based, device-independent web version, or as a native iPad app The main difference between the ...