Link to YouTube Video: Understanding Azure AD & SSO in Isolocity


Overview

This article explains the difference between Azure Active Directory (Azure AD) and Azure Single Sign-On (SSO) and how each service integrates with Isolocity to manage user access and authentication.


What is Azure Active Directory (Azure AD)?

Azure AD is Microsoft’s cloud-based identity and access management service. It allows organizations to:

  • Manage and secure access to Microsoft 365, Azure services, and third-party applications like Isolocity.

  • Enforce security policies.

  • Centrally manage users and ensure only authorized individuals access company resources.


Azure AD Features Supported by Isolocity

  1. New users created through Azure can be provisioned in Isolocity.

  2. Users removed through Azure will be inactivated in Isolocity.

  3. User roles in Isolocity are determined by:

    • The default role in Organization Settings, or

    • Azure user groups.

Note: Users are assigned to the default team listed in Isolocity. To add users to multiple teams, navigate to User Manager and update team assignments manually.


Isolocity User Roles Overview

  1. Admin – Full access, paid role, can create new users in Azure.

  2. Manager – Paid role with extended access.

  3. User – Paid role with access to most modules.

  4. Production User – Paid role with limited module access.

  5. Employee – Free user, can view documents and complete training.


Prerequisites for Azure AD Integration

  • A valid Azure AD account.

  • Initial setup must be done by an Azure admin account.

  • The user performing the setup must also be an admin user in Isolocity.

  • Do not deactivate or downgrade the linked admin, or user sync will break.


How to Set Up Azure AD in Isolocity

  1. Click your initials/profile picture > Organization Settings.

  2. Scroll to the Single Sign-On section:

    • Set the default team for new users.

    • Set a default user role (if not using Azure groups).

  3. In the Active Directory section:

    • Choose to sync users and groups (recommended) or sync users only.

    • Click Authenticate with Azure and log in using Microsoft prompts.

    • Accept permissions (listed under CJB Consulting Limited, Isolocity’s parent company).

    • Once accepted, a sync toggle will appear.


Configure Enterprise Applications in Azure

  1. Go to the Azure Portal > Enterprise Applications (via Microsoft Entra ID).

  2. Click Users and Groups.

  3. Assign users and groups to Isolocity.

Return to Organization Settings in Isolocity and switch the sync toggle ON.

Isolocity syncs users once daily. To manually sync, click Refresh Users.


What is Azure Single Sign-On (Azure SSO)?

Azure SSO allows users to sign in once and access multiple apps (like Isolocity) without re-entering credentials. This improves login convenience and reduces interruptions while maintaining security.

Azure SSO can be used without enabling Azure AD.


How to Use Azure SSO in Isolocity

  1. Make sure the user’s Isolocity email matches their Microsoft email.

  2. Navigate to the Isolocity Login Page.

  3. Click Sign in with Azure and follow Microsoft prompts.

  4. Once authenticated, the user will be directed to the dashboard.

To enforce sign-in using Azure SSO, contact support@isolocity.com.
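
Added example (not Isolocity or Microsoft code): a pre-flight check to run before switching the sync toggle ON or rolling out Sign in with Azure. It compares the users assigned to the enterprise application with the existing Isolocity users to catch email mismatches, unexpected paid seats, and a linked admin who is no longer an active Admin. The record shapes, function names, and sample addresses are assumptions constructed for illustration; fill the two lists from your own exports.

```python
# Added example. Record shapes and sample values are constructed, not an
# Isolocity or Azure export format.
PAID_ROLES = {"Admin", "Manager", "User", "Production User"}  # Employee is free

def norm(email):
    # Assumption: addresses are compared case-insensitively.
    return (email or "").strip().casefold()

def preflight(azure_emails, isolocity_users, linked_admin, default_role):
    """Compare app-assigned Azure users with active Isolocity users."""
    azure = {norm(e) for e in azure_emails if norm(e)}
    active = {norm(u["email"]): u for u in isolocity_users if u["active"]}
    new = sorted(azure - set(active))        # expected to be provisioned
    unmatched = sorted(set(active) - azure)  # no matching Microsoft email
    # Same mailbox name under a different domain usually means an alias or
    # a renamed domain: fix the email instead of creating a second account.
    by_local = {}
    for e in new:
        by_local.setdefault(e.split("@")[0], []).append(e)
    near = [(i, a) for i in unmatched for a in by_local.get(i.split("@")[0], [])]
    warnings = []
    admin = active.get(norm(linked_admin))
    if admin is None or admin["role"] != "Admin":
        warnings.append("linked account is not an active Isolocity Admin")
    return {
        "to_provision": new,
        # Valid only when roles come from the default role, not Azure groups.
        "new_paid_seats": len(new) if default_role in PAID_ROLES else 0,
        "unmatched_in_isolocity": unmatched,
        "near_misses": near,
        "warnings": warnings,
    }

# Constructed sample data.
AZURE_ASSIGNED = ["Ana.Diaz@contoso.example", "li.wei@contoso.example",
                  "sam.roy@contoso.example"]
ISOLOCITY_USERS = [
    {"email": "ana.diaz@contoso.example", "role": "Admin", "active": True},
    {"email": "li.wei@contoso-legacy.example", "role": "User", "active": True},
    {"email": "old.temp@contoso.example", "role": "Employee", "active": False},
]

if __name__ == "__main__":
    report = preflight(AZURE_ASSIGNED, ISOLOCITY_USERS,
                       "ana.diaz@contoso.example", "User")
    for key, value in report.items():
        print(f"{key}: {value}")
```

Resolve every entry under near_misses and unmatched_in_isolocity before enabling sync, so that existing users are not left unable to sign in with Azure.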


When to Use Each Service

Azure AD Use Cases:

  • Centralized control over employee access.

  • Enforcement of multi-factor authentication (MFA) or conditional access.

Azure SSO Use Cases:

  • Employees switching between multiple SaaS apps.

  • IT teams simplifying login management and reducing password resets.


Summary

  • Azure AD = Identity and access management.

  • Azure SSO = Seamless user login across apps.

Best Practice: Use both together for maximum security and convenience in Isolocity.