Prerequisites
An Azure/Microsoft 365 Tenant with Global Admin or Application Admin permissions.
Part 1: Registering the App in Microsoft Entra ID
This step creates a "handshake" between Microsoft and your website.
Sign In: Go to the Microsoft Entra Admin Center.
App Registrations: In the left sidebar, navigate to Identity > Applications > App registrations.
New Registration:
Name: Give it a name (e.g., "Sortana SSO").
Supported Account Types: Usually "Accounts in this organizational directory only" (Single Tenant).
Redirect URI: Select Web from the dropdown and enter your callback URL. You can find this URL in Sortana under Manage System > System Settings > Security.
Get Credentials: Once registered, look at the Overview tab and copy these two values:
Application (client) ID
Directory (tenant) ID
Create Secret:
Go to Certificates & secrets > Client secrets > New client secret.
Give it a description and an expiry date (e.g., 180 days).
CRITICAL: Copy the Value immediately. It will be hidden forever once you leave the page.
Part 2: Configuring your Project Settings
Now you need to input those values into your application's database so the PHP code can use them.
Configuration
In Sortana navigate to Manage System > System Settings > Security. Complete the following settings under Microsoft Entra SSO:
| Setting Name | Description | Example Value |
|---|---|---|
| Enable Entra ID | Toggle SSO on or off | |
| Client ID | The Application ID from Part 1 | 00000000-0000-0000-0000... |
| Client Secret | The Secret Value from Part 1 | abc12~345_def... |
| Tenant ID | Your Directory ID | 77777777-7777-7777... |
Part 3: Mapping Admin Users
For a user to log in via SSO, the email address on their Microsoft account must match the email stored in their Sortana account.
Go to your User Management section.
Ensure every admin user has their official work email (e.g., jdoe@yourcompany.com) saved in their profile.
Note: If the emails do not match, the system will block access for security reasons, even if the Microsoft login is successful.
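The check described in this part, sketched as an added example (this is not Sortana's own code). It assumes the ID token signature has already been verified and the token decoded into an array; the function names, the shape of `$settings` and `$users`, and the choice of the `email` claim with `preferred_username` as fallback are assumptions. It also confirms the token was issued for the Client ID and Tenant ID entered in Part 2 before any email comparison.

```php
<?php
declare(strict_types=1);

// Added example, not Sortana's code. Assumes $claims comes from an ID token
// whose signature was already verified against the tenant's signing keys.

function normaliseEmail(string $email): string
{
    return strtolower(trim($email));
}

/**
 * Returns the matching user id, or null when the login must be blocked.
 * $settings: Client ID and Tenant ID from Part 2 (hypothetical array shape).
 * $users: stored profile email => user id (hypothetical array shape).
 */
function resolveSsoUser(array $claims, array $settings, array $users, int $now): ?int
{
    // The token must have been issued for this app registration.
    if (($claims['aud'] ?? null) !== $settings['client_id']) {
        return null;
    }
    // Single tenant: the token must come from the configured directory.
    if (strcasecmp((string) ($claims['tid'] ?? ''), $settings['tenant_id']) !== 0) {
        return null;
    }
    // Reject tokens with no expiry or an expiry in the past.
    if (!isset($claims['exp']) || (int) $claims['exp'] <= $now) {
        return null;
    }
    // Assumption: the address arrives in 'email', else 'preferred_username'.
    $email = $claims['email'] ?? $claims['preferred_username'] ?? null;
    if (!is_string($email) || $email === '') {
        return null;
    }
    $wanted = normaliseEmail($email);
    foreach ($users as $stored => $userId) {
        if (normaliseEmail((string) $stored) === $wanted) {
            return $userId;
        }
    }
    return null; // Microsoft login succeeded, but no account has this email.
}

// Constructed sample data (placeholder IDs, not real values).
$settings = ['client_id' => '11111111-1111-1111-1111-111111111111',
             'tenant_id' => '22222222-2222-2222-2222-222222222222'];
$users  = ['jdoe@yourcompany.com' => 7];
$claims = ['aud' => $settings['client_id'], 'tid' => $settings['tenant_id'],
           'exp' => 2000, 'email' => 'JDoe@YourCompany.com'];
var_dump(resolveSsoUser($claims, $settings, $users, 1000)); // address differs only in case
var_dump(resolveSsoUser(['tid' => 'other-tenant'] + $claims, $settings, $users, 1000)); // wrong directory
```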
Troubleshooting Tips
Redirect URI Mismatch: Ensure the Redirect URI in the Azure Portal matches the callback URL your site uses exactly (including http vs https).
Permissions: If users get a "Need Admin Approval" error, an Azure Admin must click "Grant admin consent for [Company]" in the API Permissions tab of the Azure App Registration.