Microsoft authentication
Set up Microsoft SSO to speed up logging in.
We only support SSO logins with Microsoft Entra ID accounts. We no longer support logging in with Microsoft personal accounts.
Setup
To set up the SSO:
- Learn more about the default scopes required by Graph API to connect Next Matter to Microsoft.
- Provide Next Matter with Tenant ID.
- Grant admin consent for Next Matter.
Provide Tenant ID
To set up Microsoft SSO, you need to provide us with Tenant ID
(also known as Directory ID
) that you can find in your Azure Portal. The tenant ID is a unique identifier for your organization's Azure instance. Note that we use OpenID Connect, both for SSO and Graph API.
Pass the Tenant ID to your Next Matter account manager so that we can whitelist it on our end.
We can only assign one tenant per workspace.
Find the Tenant ID in the portal
- Go to https://portal.azure.com and sign in with your admin account.
- Navigate to the Microsoft Entra ID service from the left-hand side menu or search for it in the search bar.
- On the Entra ID overview page, you'll see your tenant information, including the Tenant ID (also referred to as the Directory ID). Alternatively, you can use this link to open the overview page directly.
- Make sure the email field on the Entra ID account is set and matches the email address of the user in Next Matter.
Get Tenant ID using CLI or Powershell
az account show --query tenantId -o tsv
(Get-AzContext).Tenant.Id
If you have access to multiple tenants, make sure you are checking the tenant ID for the correct tenant.
Note that the initial authorization is done using the OAuth2 flow, and then we request additional scopes for each connected Microsoft service.
Grant admin consent
When setting up SSO, the organization's Global admin will also be prompted to grant admin consent to the Next Matter app in Entra ID.
The permissions required include:
- Reading user profile
- Accessing email data
- Directory read access.
You can provide the consent in one of three ways:
- Approve all requested permissions.
- Log in to Entra ID (Azure Portal) and go to Enterprise Applications > All applications.
- Search for Next Matter and click it.
- Click Grant admin consent for Next Matter for the required permissions.
- Approve login attempts as they come.
- Go to Entra ID > Overview > Sign-ins.
- Search for the Next Matter login attempt.
- Review the details of the login and provide consent directly.
- Approve all permissions through Next Matter.
- Log in to Next Matter with a user that has Azure Admin privileges using Microsoft SSO.
- When prompted, provide consent on behalf of your organization.
Granting admin consent means that Next Matter has the necessary permissions to interact with your Azure tenant as specified and users won't be prompted to grant individual permissions when using Next Matter.
We can't enforce specific login methods for users.
Updated 20 days ago