Skip to main content

BauGPT SSO with Microsoft Azure

This guide helps IT administrators configure Single Sign-On (SSO) for BauGPT using Microsoft Azure AD (Entra ID). Once set up, your users can sign in to BauGPT with their company credentials.

What you'll need

  • ✅ Admin access to your Azure AD / Entra ID portal
  • ✅ Permission to create app registrations in your Azure tenant
  • ✅ Authority to grant admin consent for your organization
  • ✅ Access to configure enterprise applications

Step-by-step configuration

Step 1: Create an app registration in Azure

  1. Sign in to the Azure Portal with your admin account
  2. Go to Azure Active Directory → App registrations
  3. Click New registration and fill in the details:
    • Name: BauGPT SSO
    • Supported account types: Accounts in this organizational directory only
    • Redirect URI: Platform Web, URI: https://api.baugpt.com/auth/microsoft/callback
  4. Click Register
  5. On the Overview page, copy:
    • Application (Client) ID – a GUID like 12345678-1234-1234-1234-123456789abc
    • Directory (Tenant) ID

Step 2: Create a client secret

  1. In your app registration, go to Certificates & secrets
  2. Open the Client secrets tab and click New client secret:
    • Description: BauGPT SSO Secret
    • Expiry: per your organization's policy (24 months recommended)
  3. Click Add
Important

Copy the secret Value immediately — you won't be able to retrieve it later!

Step 3: Configure API permissions

  1. Go to API permissions → Add a permission → Microsoft Graph → Delegated permissions
  2. Add the following permissions:
    • User.Read – Sign in and read user profile
    • email – View users' email addresses
    • openid – Sign users in
    • profile – View basic profile
    • GroupMember.Read.All – Read group memberships
  3. Click Grant admin consent for [Your Organization] and confirm
  4. You should see green checkmarks in the Status column

Step 4: Configure authentication settings

  1. In your app registration, click Authentication
  2. Under Implicit grant and hybrid flows: enable ID tokens
  3. Under Advanced settings: set Allow public client flows to Yes
  4. Save all changes
  1. Go to Token configuration → Add optional claim
  2. Token type: ID – select:
    • email
    • family_name
    • given_name
    • preferred_username
  3. Click Add

Step 6: Send your configuration to BauGPT

Send the following to your BauGPT contact or the support team:

Organization name: [Your company name]
Primary domain: [your-domain.com]

Azure AD configuration:
- Tenant ID: [Your Directory/Tenant ID]
- Application (Client) ID: [Your Application ID]
- Client Secret: [Value from Step 2 – send securely!]
Secure delivery

Send the client secret through a secure channel — e.g. encrypted email, password manager share, or secure file transfer.

Testing SSO

Once BauGPT confirms your configuration is active:

  1. Open the BauGPT sign-in page
  2. Click Sign in with Microsoft
  3. Sign in with your company credentials
  4. Verify successful access

Have a non-admin user run through the same flow to confirm user-level access works correctly.

Questions?

Contact support@baugpt.com.