Best Practice: Read before Enabling Single Sign-on 
- Single Sign-on (SSO) must be enabled for all users except for one user, who is considered the SSO administrator. This user retains password access in case the IdP (Azure, Okta) is down; they can still log in to Procurify and disable SSO access. It is recommended that all accounts, maintain an SSO administrator for this purpose.
- Once users have been provided with access to Procurify, they will be able to activate their account with the setup email sent to them. The user has 24 hours to activate the account, once the email is sent.
- Please note, these steps are dependent on your Single Sign-on provider and may change without notice. Always refer to your Single Sign-on provider for the latest instructions.
- After setting up SSO for your domain, you must provide access to Procurify for every user that will be using Azure to sign in.
Steps:
- Sign in to your Microsoft Azure portal with an administrator account. From the left side menu, select the Azure Active Directory button, followed by the Enterprise Applications button. From this page, click on the app that you created for Procurify - Web.
- From the left-hand menu, select Users and Groups, followed by the Add User button.
- Users will need both a Procurify and an Azure account with the same email address to access Procurify. For instructions on how to create a user in Procurify, click here. For instructions on how to create a user in Azure, click here.
3. After selecting your users, click the Assign button to grant them access to Procurify.
For Microsoft Azure, you do not need to assign users for the native app. Once you have finished the setup for the web, all setup steps have been completed.