Single Sign-on (SSO) is an authentication method that lets users log in using Microsoft Azure as the trusted third party. This allows users to use one set of credentials for multiple programs. SSO can also be used to auto provision new accounts for your employees instead of manually creating or inviting them as users.
Please note that you must have a Professional or Enterprise plan subscription to access this feature.
Activate Single Sign-on
To configure SSO for Azure:
- Click on the gear icon on the top to head over to the general settings.
- Under Access & Security in the left menu, select Single Sign-on.
- Toggle the switch to Use Single Sign-on.
- Select Microsoft Azure as your SSO provider. SSO is now activated.
After enabling SSO, we recommend testing the login flow with a non-admin user account to ensure everything works as expected before rolling it out to your organization.
First-Time Login Authorization
When users sign in with Microsoft Azure for the first time, Azure will display a one-time authorization prompt. This consent allows the app to access basic profile information (such as name and email) required to complete authentication.
After consent is given, future logins will occur automatically without additional prompts.
Configure Auto Provisioning
Auto provisioning means that if a user without an existing TestMonitor account attempts to sign in, an account will automatically be created for them. If Auto Provisioning is switched off, only users that already have an account in TestMonitor can sign in. If you select to turn auto provisioning on, then you will have additional information you can fill in:
- Allowed domains: Only users with email addresses that match one of these domains will be provisioned.
- Project for new users: This is an optional section to specify which project new users will automatically be provisioned to.
- Role for new users: This is an optional section to specify what role new users will automatically be provisioned to.
Sign in with Single Sign-on
If SSO is configured, you will see Sign in with Azure as an option on your TestMonitor login page.
Click this button and, if you haven’t already, fill in the email address and password of your Microsoft Azure account to log in. You are now also automatically logged in to TestMonitor.
Disable Single Sign-on
To disable SSO:
- Click on the gear icon on the top right for Settings.
- Under Access & Security in the left menu, select Single Sign-on.
- Toggle the switch off for Use Single Sign-on.
Troubleshooting
Users are seeing an “app not verified” or “access blocked” message
This often happens if the user hasn’t been assigned to the application in the Azure portal.
- Ensure the user is assigned to your app under Azure Active Directory → Enterprise Applications → TestMonitor → Users and Groups.
- Verify the correct roles and permissions are assigned if your app uses role-based access.
A user cannot sign in but others can
This often results from incomplete or incorrect app assignments, role misconfigurations, or licensing restrictions.
- Check that all affected users are properly assigned to the application.
- Verify that the app’s required attributes and claims are configured in Azure AD → Enterprise Applications → TestMonitor → Single sign-on → User Attributes & Claims.
Ensure users have the necessary Azure AD license (if required for SSO).
The SSO login page keeps prompting for credentials
Common causes include session conflicts, multiple accounts, or conditional access policies.
- Ask users to clear browser cookies or try an incognito/private browser window.
- Ensure they are signing in with the correct Azure AD account.
- Check if your organization has Conditional Access policies that require MFA or restrict locations/devices.