Articles on: Single Sign-on

Single Sign-On (SSO) in collaboration with Microsoft Azure AD

With Pluvo, you can easily set up Single Sign-On (SSO) for your academy. In this article, we explain how to retrieve the data in Microsoft Azure AD.
Once you have this information, you can easily implement Single Sign-On (SSO) in Pluvo. You can find more information about this in this article.

Note: For the following steps, you need to have an administrator account for Microsoft Azure AD and a Company subscription with Pluvo.

Settings in your Azure AD portal

Click on Azure Active Directory

Azure Active Directory

Go to the correct tenant

Correct Tenant

Go to App registrations.

It's also possible to create an enterprise application. Choose 'Register an application to integrate with Azure AD (App you’re developing)' there. The fields are the same as step 4. Then proceed to step 5.

Click on 'New registration' and create a new App with the following details.
App Name: [Choose a clear name]
Account types: Single tenant

In the next step, a name must be given to the client-ID. Choose a clear name, for example: 'Webclient Pluvo academy' so you'll remember later what this client-ID is used for.

Then copy the "filled in" parameter from Pluvo to Microsoft Azure AD (You can find this parameter in Administration > Settings under 'SSO & LTI').

For Example:

Authorized redirect URIs: https://

In this screen, you can fill in the following fields:


Now you can register this app. After registration, you'll land on the App overview page.

Here, you'll find the [1] Application client ID and [2] Directory (tenant) ID.

Note: Make sure to copy the client ID and the Directory (tenant) ID, as you'll need these later for the Pluvo SSO settings.

App Overview

Certificates and secrets

Now, let's go to the 'Certificates and Secrets' menu in the newly created app.

Create a new Client Secret and give it a description.
Set the 'Secret' to never expire.
Then copy the value of the newly created [3] Secret.

Note: You'll need this secret later for the Pluvo SSO settings.

Client Secret

API permissions

Navigate to 'API Permissions' and create a new permission by clicking 'Add a permission'.

Select 'Microsoft Graph' and then 'Delegated permissions'. Then check 'email' and 'openid' in the list and add them by clicking the 'Add permission' button.

API Permissions


You now have all the necessary information to fill in Pluvo. You can find these fields in the academy under Administration > Settings under 'SSO & LTI'.

Client ID
Directory (tenant ID)

Pluvo SSO Settings

OAuth Client id = ..... [Obtained above]
OAuth Client secret = ....... [Obtained above]

The following fields are always identical for Microsoft Azure. However, fill in the tenant-ID obtained in the above steps in the designated place.

Authorization endpoint:[Tenant ID]/oauth2/v2.0/authorize
Token endpoint:[Tenant ID]/oauth2/v2.0/token
User endpoint:
Scope = openid email
Oidc sign algo = RS256
Oidc op jwks endpoint:[Tenant ID]/discovery/v2.0/keys

Simply fill in the required fields, click "Save," and switch the slider to "Active."

Afterward, your users can seamlessly log in via SSO!

Test SSO link

Note: When testing the link as an ADMIN, check that your email address is filled in your profile. If not, you cannot log in. Pluvo requires an email address to function.

Test SSO Link

Updated on: 12/04/2024

Was this article helpful?

Share your feedback


Thank you!