
Setting up Microsoft SSO for your organization (Azure admin consent)

If your organization uses Microsoft Entra ID (Azure AD) and your tenant policy disables end-user OAuth consent, your team members will not be able to sign in to ISMS Copilot using "Continue with Microsoft" until a tenant administrator grants consent on behalf of the whole organization.

This is a one-time, ~2-minute action by an administrator.

Any user in your Microsoft Entra tenant with one of these roles can grant tenant-wide consent for ISMS Copilot:

  • Global Administrator

  • Privileged Role Administrator

  • Cloud Application Administrator

  • Application Administrator

  1. Open the following URL in your browser, signed in as a Microsoft Entra admin with one of the roles above:

    https://login.microsoftonline.com/{your-tenant-id-or-domain}/adminconsent?client_id={our-client-id}

  2. Replace {your-tenant-id-or-domain} with your verified primary domain (for example contoso.com) or your Microsoft Entra directory ID.

  3. Microsoft will show a consent screen listing the permissions ISMS Copilot is requesting.

  4. Confirm the permissions are limited to:

    • openid — sign-in identity

    • email — work email address

    • profile — name and basic profile information

    ISMS Copilot does not request mailbox, file, calendar, or any other Microsoft 365 data access.

  5. Click Accept.

  6. Microsoft will display a "consent granted" confirmation page. You can close it.

After this, anyone in your tenant who is otherwise allowed to access ISMS Copilot can sign in with "Continue with Microsoft" without seeing an individual consent screen.
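To confirm afterwards that the grant recorded in your tenant carries only the three scopes from step 4, an administrator can export the application's delegated permission grants from Microsoft Graph (`GET /oauth2PermissionGrants`) and check them. The script below is an added example, not ISMS Copilot's or Microsoft's code; the sample records and all IDs in it are constructed placeholders, and the function name is an assumption.

```python
import json

# Scopes the consent screen should list, per step 4 above.
ALLOWED_SCOPES = {"openid", "email", "profile"}

# Constructed sample in the shape of a Microsoft Graph
# GET /oauth2PermissionGrants response. All IDs are placeholders.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"clientId": "SP-OBJECT-ID-PLACEHOLDER", "consentType": "AllPrincipals",
         "principalId": None, "resourceId": "GRAPH-SP-ID-PLACEHOLDER",
         "scope": "openid email profile"},
        {"clientId": "SP-OBJECT-ID-PLACEHOLDER", "consentType": "Principal",
         "principalId": "USER-ID-PLACEHOLDER",
         "resourceId": "GRAPH-SP-ID-PLACEHOLDER",
         "scope": " openid  Mail.Read "},
    ]
})


def audit_grants(response_json, client_sp_id):
    """Check one service principal's delegated grants.

    Returns (tenant_wide, findings): tenant_wide is True when an
    AllPrincipals grant exists that holds only allowed scopes; findings
    lists every grant that carries a scope outside ALLOWED_SCOPES.
    """
    tenant_wide = False
    findings = []
    for grant in json.loads(response_json).get("value", []):
        if grant.get("clientId") != client_sp_id:
            continue  # grant belongs to a different application
        # 'scope' is one space-separated string; tolerate extra whitespace
        # and compare names without regard to case.
        scopes = (grant.get("scope") or "").split()
        extra = sorted(s for s in scopes if s.lower() not in ALLOWED_SCOPES)
        who = grant.get("principalId") or "all users"
        if extra:
            findings.append(f"{who}: unexpected scope(s) {', '.join(extra)}")
        elif grant.get("consentType") == "AllPrincipals" and scopes:
            tenant_wide = True
    return tenant_wide, findings


if __name__ == "__main__":
    ok, problems = audit_grants(SAMPLE_RESPONSE, "SP-OBJECT-ID-PLACEHOLDER")
    print("tenant-wide consent with expected scopes:", ok)
    for line in problems:
        print("REVIEW:", line)
```

This covers delegated permissions only; application permissions are recorded as app role assignments and need a separate check.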

"Publisher not verified" warning

You may see a warning that ISMS Copilot's publisher is not verified. ISMS Copilot is in the process of completing Microsoft's verified-publisher program. The actual permissions being requested remain openid, email, and profile — no Microsoft 365 data access — regardless of publisher verification status.

Need help?

If your tenant has additional restrictions (for example a "block apps from unverified publishers" policy that prevents admin consent until publisher verification completes, or app assignment policies that require explicit user/group assignment), email [email protected] and we will work with your IT team directly.

Microsoft's official documentation for the admin-consent flow: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent
