Set up Azure AD

Trotto supports authentication via Azure Active Directory SSO, using the OpenID Connect (OIDC) authentication protocol.

Configuration Steps

Add the Trotto application to your Azure tenant

1. Visit the Trotto signin page
2. Click Sign in with Microsoft
3. Optionally check Consent on behalf of your organization to simplify signin for other users in your tenant
4. Click Accept to grant access to the requested basic profile permissions and complete signin through Microsoft

Trotto will now appear in your Enterprise applications in your Azure tenant.

Restrict signin to Azure AD SSO (optional)

To require users to sign in to your Trotto organization with Azure AD SSO only, email help@trot.to requesting this restriction. You'll need to be an administrator for your Trotto organization.

Restricting signin to Azure AD SSO is a feature of Trotto's Enterprise plan.

Restrict Azure AD SSO to specific users (optional)

If you want to restrict access to Trotto via Azure AD SSO:

1. Locate the Trotto application in the Azure AD interface under Enterprise applications
2. Click Properties in the lefthand sidebar
3. Click Yes next to Assignment required?
4. Click Save

You can now assign specific users or groups to the Trotto application.

Required Microsoft permissions

Signing in to Trotto with Azure AD SSO requires authorizing Trotto to access your Microsoft account's basic profile, so that Trotto can match your Microsoft account to the correct Trotto user and organization.

Testing Azure AD SSO

To test signing in to Trotto with Azure AD SSO:

1. Visit the Trotto signin page
2. Click Sign in with Microsoft
3. If needed, accept the requested permissions

You should then be taken to the homepage of the Trotto application, showing the form to create a new go link.

Support

If you have any trouble setting up Azure AD SSO, reach out to us at help@trot.to.