How to enable and activate Microsoft Entra ID SSO in NordPass

Introduction

In this article, you will learn how to enable and configure Microsoft Entra ID Single Sign-On (SSO) for NordPass Business using the OpenID Connect (OIDC) protocol. This setup provides a secure and streamlined login experience for your organization while reducing administrative overhead.

 

Here's what to do

  1. Log in to the NordPass Business Admin Panel as the organization's Owner or Admin.
  2. Afterward, click on the "Authentication" button located on the left side.
  3. Under the "Single sign-on" section, enable the toggle button for the "Microsoft Entra ID" option.
  4. Choose whether to:
    • Use Microsoft Entra ID SSO only.
    • Keep both Microsoft SSO and other authentication methods active.

      Note: If you want users to sign in only with Microsoft Entra ID, disable the "Email and password" option under the "Business Account" section. Be aware that users who cannot sign in with Microsoft Entra ID SSO will not be able to access their NordPass Business Account while this option is disabled.
  5. Next, click on your email address in the bottom-left corner and choose the "My account" button.
  6. Scroll down and revoke your existing session by pressing the "Revoke" button, or revoke all of them by pressing the "Revoke All Sessions" button.
  7. Sign in to the NordPass Business account using the "Continue with Microsoft" button.
  8. Enter your Microsoft credentials if prompted.
  9. When the "Permissions requested" pop-up appears, tick the box next to "Consent on behalf of your organization" and click the "Accept" button to confirm your choice.

    Note: You must be a Global Administrator or Cloud Application Administrator to grant such consent.
  10. Once consent is granted, no further action is required in the Entra ID portal. NordPass automatically adds a NordPass OIDC SSO application to Enterprise Applications and maintains it for you.

 

Additional tips

  • Microsoft Entra ID SSO is prompted only when signing in on a new browser, browser profile, or device, or after logging out.
  • Enabling Entra ID SSO does not prevent your users from using other authentication methods.
  • Each NordPass user’s e-mail address must exactly match their Entra ID User Principal Name (UPN).
  • The automated NordPass OIDC enterprise application is not designed for User and Group SCIM provisioning. If both OIDC SSO and SCIM provisioning are configured, expect to see two NordPass applications listed under Enterprise applications (the Gallery application and the custom application).
  • An active Business Account session remains valid for up to 30 days on the same browser or device.

    Note: Session time may differ based on what your company administrator chose during setup.
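
The exact-match requirement between NordPass e-mail addresses and Entra ID UPNs is worth checking before you disable the "Email and password" option. The Python script below is an added example, not NordPass or Microsoft code: the addresses are constructed, the function names are hypothetical, and it assumes you have already exported both lists yourself.

```python
# Constructed sample data; in practice load these from your own exports of
# NordPass members and Entra ID users (export formats are not covered here).
NORDPASS_EMAILS = [
    "alice@example.com",
    "Bob@example.com",
    "carol@example.com ",
    "dave@example.com",
]
ENTRA_UPNS = [
    "alice@example.com",
    "bob@example.com",
    "carol@example.com",
    "dave_example.com#EXT#@exampletenant.onmicrosoft.com",
]


def classify(emails, upns):
    """Return {email: status}, where status is one of:
    'match'      - character-for-character equal to a UPN
    'near_match' - equal only after trimming whitespace and ignoring case
    'guest_upn'  - a guest-style UPN (#EXT#) encodes this address
    'missing'    - no corresponding UPN found
    """
    exact = set(upns)
    folded = {u.strip().casefold() for u in upns}
    # Guest accounts carry the original address as local_domain#EXT#@tenant
    guests = {u.split("#EXT#")[0].casefold() for u in upns if "#EXT#" in u}
    result = {}
    for email in emails:
        norm = email.strip().casefold()
        if email in exact:
            result[email] = "match"
        elif norm in folded:
            result[email] = "near_match"
        elif norm.replace("@", "_") in guests:
            result[email] = "guest_upn"
        else:
            result[email] = "missing"
    return result


def blockers(emails, upns):
    """E-mails that are not an exact match, sorted for stable reporting."""
    return sorted(e for e, s in classify(emails, upns).items() if s != "match")


if __name__ == "__main__":
    for email, status in classify(NORDPASS_EMAILS, ENTRA_UPNS).items():
        print(f"{status:11} {email!r}")
```

Anything returned by `blockers` should be reviewed and corrected before SSO becomes the only sign-in method, since those users are the ones at risk of losing access.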
     
