Setup SSO with Azure AD for Awair Dashboard

Product: Awair Dashboard

Note: Awair Business Dashboard is only compatible with Awair Business App and must be activated internally before you can access it. If you’re interested in setting up an Awair Business account with us, please click here to get in touch with our sales team.


This document provides instructions to configure Awair Dashboard to use Azure AD as the 3rd party identity provider. The Azure AD identity provider will authenticate users logging into the Awair Dashboard. This means Awair Dashboard and mobile applications will delegate the authentication responsibility to the Azure AD identity provider. This is also known as Single Sign-On (SSO), where users only need to log in once through their company-designated identity provider, and they will be able to access all applications that are authenticating with the same identity provider.

Configuring SSO includes three main processes:

1. Register an application (Awair Dashboard) with Azure Active Directory Identity Provider (handled by your IT team)

2. Turn on SSO for Dashboard configuration (handled by Awair Support Team)

3. Configure SSO in the Dashboard (handled by your Organization Manager)

Register an application (Awair Dashboard) with Azure Active Directory Identity Provider


A prerequisite to enabling Azure AD as the identity provider is registering the Awair Dashboard application with Azure AD. For an identity provider to know that a user has access to a particular app, both the user and the application must be registered with the identity provider.

Below are the steps for registering an app with Azure AD. The IT team can register the app as a Single or Multi-Tenant App.

  • Single-tenant apps are only available in the tenant they were registered in, also known as their home tenant.
  • Multi-tenant apps are available to users in both their home tenant and other tenants.

For more information, please check out this Microsoft documentation

Registering with Azure Active Directory requires you to do the following:

1. Register an App

2. Create a client credential for the registered app


In your Azure Portal, select the directory in the Azure AD that you would like to work on. We selected the “” as the root directory in the example below.

Root Azure AD.png

Register an App:

Step 1: Access the app registrations tool

App Registration 1.png

Step 2: Click on the “New Registration” button

App Registration 2.png

Step 3: Enter the application details and click the “Register” button
Name: Any name that can represent the Awair Dashboard application. We recommend using Awair Dashboard.

Account Types: You can select single or multi-tenants.

Redirect URL: Select “Web” and enter the URL below. Replace the parenthesis {{org_id}} with the organization ID you want to connect to.{{org_id}}

Enter the app details.png

Step 4: Copy the Client ID and the Tenant ID. You will need this information for the next steps

Record Client ID and Tenant ID.png

Create a client credential for the registered app:

Step 1: Click on the link “Add a certificate or secret"

Create Client Secret (1).png

Step 2: Enter the client’s secret details

Enter Client Secret Detail (1).png

Step 3: Copy the client secret immediately

Client Secret Value (1).png

Turn on SSO for Dashboard configuration

For this step, please reach out to the Awair Support Team to assist with activating SSO for your Dashboard! You can send us an email to or submit a help request here.

Configure SSO in the Dashboard


This step must be performed by the Organization Manager of the Awair Dashboard. You can configure an Awair Dashboard organization for Single-Tenant or Multi-Tenant SSO.


1. Must have an initial Awair user account with the Organization Manager’s permission

2. Must have the following from Azure AD previously configured by the customer’s IT team:

  • Single-tenant Azure AD app.
    • Client ID
    • Client Secret
    • Tenant ID
  • Multi-tenant Azure AD app.
    • Client ID
    • Client Secret

Step 1: Click on the left menu - SSO Credentials

Dashboard SSO Configuration.png

Step 2: Copy the callback URL, paste it into a text editor, and Click on the “Enable SSO” button

Enable SSO and Copy Callback URL.png

Step 3: Select the Microsoft Single or Multi Tenant configuration option from the drop-down Menu

Select Single or Multitenant.png

Step 4: Enter the client details for single or multi-tenant configuration. This step is slightly different depending on which option you've selected.For single-tenant, you must enter Tenant ID, Client ID, and Client Secret.

For multi-tenant, you must enter Client ID and Client Secret.

Below are examples of Single-Tenant and Multi-Tenant.


Screenshot 2023-08-29 at 2.31.34 PM.png


Screenshot 2023-08-29 at 2.31.07 PM.png

After successful configuration, you will be asked to select the Org and log in with your SSO account. Please note the key icon next to the Org. This means SSO is enabled for the org.

Org with SSO enabled.png




Have more questions? Submit a request