--- title: "Setting Up Single Sign-On (SSO) for Curiosity Cloud" slug: "setting-up-single-sign-on-sso-for-curiosity-cloud" updated: 2026-05-27T13:52:15Z published: 2026-05-27T13:52:15Z --- > ## Documentation Index > Fetch the complete documentation index at: https://knowledge.curiositysoftware.ie/llms.txt > Use this file to discover all available pages before exploring further. # Setting Up Single Sign-On (SSO) for Curiosity Cloud Single Sign-On allows your users to access Curiosity using their existing Microsoft credentials, removing the need for separate passwords. This guide walks through the setup steps in Microsoft Entra ID and explains what information to send to Curiosity to complete the configuration. > **Note on licensing:** Enabling SSO is a small addition to your existing license costs. Please contact your Curiosity sales representative before starting if you have any questions about pricing. --- ### Before You Start You will need: - Access to [Microsoft Entra ID](https://entra.microsoft.com) (or Azure Portal) with permission to create app registrations - Admin consent rights in your tenant - Your Curiosity sales contact details if you have licensing questions --- ### Step 1: Create the App Registration 1. Open [https://entra.microsoft.com](https://entra.microsoft.com) (or navigate to portal.azure.com and select **Microsoft Entra ID**). 2. Go to **Applications > App registrations > New registration**. 3. Set the name to **Curiosity Modeller SSO** (or any name that suits your organisation). 4. Under **Supported account types**, select **Accounts in this organizational directory only**. 5. Under **Redirect URI**, choose **Web** and paste in the following URL: ```plaintext https://test-modeller-cloud.auth0.com/login/callback ``` 1. Click **Register**. --- ### Step 2: Grant Microsoft Graph Permissions In the new app registration, go to **API permissions** and confirm the following four delegated permissions are present: | Permission | Type | Purpose | | --- | --- | --- | | openid | Delegated | Sign users in | | profile | Delegated | Basic profile claims (name) | | email | Delegated | Email claim | | User.Read | Delegated | Read basic profile via Graph (used by Auth0) | `openid`, `profile`, and `email` are usually added automatically. If **User.Read** is missing: 1. Click **Add a permission > Microsoft Graph > Delegated permissions**. 2. Search for **User.Read**, tick it, and click **Add permissions**. Once all four permissions are in place, click **Grant admin consent for [your tenant]** so users are not individually prompted on first sign-in. --- ### Step 3: Collect Three Values You will need to send Curiosity three pieces of information to complete the configuration. #### 1. Microsoft Azure AD Domain Your primary domain, for example `acme.onmicrosoft.com` or a verified custom domain such as `acme.com`. **Where to find it:** Entra admin centre > Overview > Primary domain. #### 2. Application (Client) ID A GUID in the format: `0979ede5-3a6f-4416-9917-95eb650cf34a`. **Where to find it:** App registration > Overview > Application (client) ID. #### 3. Client Secret Go to **App registration > Certificates & secrets > Client secrets > New client secret**. Set the description to **Curiosity Modeller** and the expiry to **24 months** (or per your organisation's policy). > **Important:** Copy the **Value** column immediately after saving. It will not be visible again after you leave the page. --- ### Step 4: Send Us the Values Once you have the three values above, send them to the Curiosity team and we will configure SSO for your organisation. *For any further questions about SSO configuration or licensing, please contact your Curiosity sales representative.*