Configuring SSO (Google, Microsoft, GitHub)

10 minutes read time Difficulty: advanced

Configuring SSO (Single Sign-On)

Let your team log in with their existing Google, Microsoft, or GitHub accounts — no separate password needed.

Supported providers

Provider    | Protocol       | Best for
Google      | OAuth 2.0      | Google Workspace teams
Microsoft   | OAuth 2.0      | Microsoft 365 / Azure AD teams
GitHub      | OAuth 2.0      | Developer teams
Custom OIDC | OpenID Connect | Enterprise identity providers

Setting up Google SSO

Prerequisites

  • Google Cloud Console access
  • A Google Cloud project

Steps

  1. Go to Google Cloud Console
  2. Create OAuth 2.0 credentials:
    • Application type: Web application
    • Authorized redirect URI: https://app.aisoule.com/api/auth/sso/google/callback
  3. Copy the Client ID and Client Secret
  4. In AIsoule, go to Settings → SSO
  5. Click "Add Provider" → Google
  6. Paste Client ID and Client Secret
  7. Save

Testing

Click "Login with Google" on the login page to verify it works.

Setting up Microsoft SSO

Prerequisites

  • Azure AD / Microsoft Entra access
  • An app registration in Azure

Steps

  1. Go to Azure Portal → App Registrations
  2. Create a new registration:
    • Redirect URI: https://app.aisoule.com/api/auth/sso/microsoft/callback
    • Supported account types: Choose based on your needs
  3. Copy Application (client) ID and create a Client Secret
  4. In AIsoule, go to Settings → SSO
  5. Click "Add Provider" → Microsoft
  6. Paste Client ID, Client Secret, and Tenant ID
  7. Save

Setting up GitHub SSO

  1. Go to GitHub Developer Settings
  2. Create a new OAuth App:
    • Authorization callback URL: https://app.aisoule.com/api/auth/sso/github/callback
  3. Copy Client ID and Client Secret
  4. In AIsoule, go to Settings → SSO
  5. Click "Add Provider" → GitHub
  6. Paste credentials
  7. Save

How SSO login works

  1. The user clicks "Login with Provider" on the login page
  2. The user is redirected to the provider's login page
  3. The user authenticates with their existing account
  4. The provider redirects the user back to AIsoule
  5. If the email matches an existing user → logged in
  6. If the email is new → an account is created automatically (if auto-provisioning is enabled)

Auto-provisioning

When enabled, new users who log in via SSO are automatically created in AIsoule with a default role. Configure in SSO settings:

  • Enabled — New SSO users get auto-created
  • Default role — What role they receive (e.g., Agent)
  • Disabled — Only pre-existing users can log in via SSO

Tips

  1. Test with one user first — Verify the flow before rolling out to the team
  2. Set a default role — So auto-provisioned users have appropriate access
  3. Keep password login — As a backup in case SSO has issues
  4. Use domain restriction — Only allow emails from your company domain
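
The login decision from "How SSO login works", combined with the auto-provisioning setting and the domain restriction tip, can be modelled as below. This is an added example, not AIsoule's own code: SSOSettings, decide_login and the outcome strings are hypothetical names, and the email_verified check is an assumption about what the provider's identity data contains.

```python
from dataclasses import dataclass

@dataclass
class SSOSettings:
    # Hypothetical names mirroring the options this guide describes.
    auto_provisioning: bool = False
    default_role: str = "Agent"
    allowed_domains: frozenset = frozenset()  # empty set = no domain restriction

def decide_login(claims: dict, users: dict, settings: SSOSettings) -> tuple:
    """Return (outcome, role) for one SSO callback.

    claims: identity data from the provider, assumed to be already validated
            (signature, issuer, audience) by the OAuth/OIDC layer.
    users:  existing accounts, keyed by lower-cased email -> role.
    """
    email = str(claims.get("email") or "").strip().lower()
    # Exactly one "@" with text on both sides; anything else is not matched.
    if email.count("@") != 1 or email.startswith("@") or email.endswith("@"):
        return ("reject:no_email", None)
    domain = email.split("@")[1]
    # Assumption: only match on addresses the provider marks as verified.
    # Matching an unverified address would let a login attach to an
    # existing account that belongs to someone else.
    if claims.get("email_verified") is not True:
        return ("reject:unverified_email", None)
    # Domain restriction: exact comparison of the domain part, so that
    # "example.com.other.test" does not pass as "example.com".
    if settings.allowed_domains and domain not in settings.allowed_domains:
        return ("reject:domain_not_allowed", None)
    if email in users:                      # step 5: existing user
        return ("login", users[email])
    if settings.auto_provisioning:          # step 6: new email
        users[email] = settings.default_role
        return ("provisioned", settings.default_role)
    return ("reject:no_account", None)

if __name__ == "__main__":
    # Constructed sample data, not real accounts.
    users = {"dana@example.com": "Admin"}
    settings = SSOSettings(auto_provisioning=True,
                           allowed_domains=frozenset({"example.com"}))
    for claims in ({"email": "Dana@Example.com", "email_verified": True},
                   {"email": "new@example.com", "email_verified": True},
                   {"email": "dana@example.com", "email_verified": False},
                   {"email": "dana@example.com.other.test", "email_verified": True}):
        print(claims["email"], "->", decide_login(claims, users, settings))
```

With auto-provisioning disabled, the same function returns reject:no_account for any verified, in-domain email that has no existing user.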
