After signing in, they can launch any tool from the Azure AD MyApps and/or Office 365 Portal.

Admins can manage user accounts, and add/remove access to applications based on membership.

Without SSO, your users have to remember app-specific login information and sign in to each one.

New Application signup.

The staff has to update, create, and manage accounts for each app.

Users have to remember the passwords and spend time signing in.

What Is OpenID Connect?

Access the permission path by clicking "App Registrations" and opening your application. Navigate to the "API Permissions" menu and select the "Add A Permission" option.

Both OIDC and SAML can run together.

How to Add an OpenID App from Azure AD?

You’re free to add only a single instance of a tool.

Consenting to various permissions.

One app instance per tenant, that’s the only way it works.

Access to web APIs might be necessary.

For instance, the Microsoft Graph API to access Azure AD, Office 365, or Intune.

Also, any personal web APIs will need to be granted access from the tenant.

It might involve directory data access, but it doesn’t have to.

Therefore, it will work with any of your web applications.

The Azure portal is declaring a permission request to set a configured time.

Like any other configuration setting, it becomes part of the Azure AD registration data points.

Now that the permissions have been updated, the user is about to use SSO for the first time.

If the user has not been authenticated, the endpoint will prompt a sign-in.

The decision will be based on the group that has been granted to the user.

If consent was not granted, a prompt will appear and display the permissions that it requires for functionality.

A user can consent to various permissions, but others might need access to a tenant administrator account.
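The sign-in and consent decisions described above can be seen from the application's side in the following added example, which is not code from the original page. It assumes the Microsoft identity platform v2.0 authorize endpoint and the `prompt=none` error codes defined by OpenID Connect Core; the tenant, client ID, redirect URI and the function names are placeholders chosen for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumption: Microsoft identity platform v2.0 authorize endpoint. The tenant
# and client_id passed in by callers are placeholders, not values from the page.
AUTHORIZE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"

# Error codes an OpenID Connect endpoint can return instead of showing a prompt.
NEXT_STEP = {
    "login_required": "sign_in",            # user has no session yet
    "consent_required": "consent",          # permissions not yet granted
    "interaction_required": "interactive",  # some other prompt is needed
    "access_denied": "denied",              # user or admin declined
}

def build_auth_request(tenant, client_id, redirect_uri, scopes,
                       state=None, nonce=None, prompt=None):
    """Return (url, state, nonce) for an authorization-code sign-in request."""
    state = state or secrets.token_urlsafe(16)   # binds the reply to this session
    nonce = nonce or secrets.token_urlsafe(16)   # binds the ID token to this request
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(["openid", *scopes]),  # scopes = extra permissions requested
        "state": state,
        "nonce": nonce,
    }
    if prompt:
        params["prompt"] = prompt                # "none" = fail rather than prompt
    return AUTHORIZE.format(tenant=tenant) + "?" + urlencode(params), state, nonce

def classify_callback(callback_url, expected_state):
    """Map the redirect back from the endpoint to the application's next step."""
    query = parse_qs(urlsplit(callback_url).query)
    returned_state = query.get("state", [""])[0]
    # Reject replies that do not carry the state issued for this session.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        return "reject"
    if "error" in query:
        return NEXT_STEP.get(query["error"][0], "error")
    return "signed_in" if "code" in query else "error"
```

A result of `consent` or `sign_in` means the application should repeat the request without `prompt=none` so the endpoint can show the corresponding prompt.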