Skip to main content

Goodsted SSO Integration Guide

Melek Atay avatar
Written by Melek Atay
Updated this week

Hosted OAuth vs. Custom Azure Application Setup

Goodsted supports secure Single Sign-On (SSO) integration with Microsoft Azure Active Directory (Azure AD) in two ways:

1. Hosted OAuth SSO via Goodsted’s Azure Tenant

2. Custom Azure Application Setup within the Client’s Azure Tenant

This guide explains both options and includes step-by-step setup instructions for the custom Azure app integration.

🔒 1. Hosted OAuth SSO (Goodsted Tenant)

Overview:

This default setup allows users to log in with Microsoft accounts through a multi-tenant application hosted and managed by Goodsted.

Key Features:

  • No setup required by the client.​

  • Client admin must still authenticate and approve the Goodsted application for use by their users the first time it's accessed.

  • Goodsted can restrict login access to specific email domain(s) (e.g. @yourcompany.com) to ensure only authorised users can sign in.

  • Users click "Sign in with Microsoft" on Goodsted, and the OAuth flow handles the rest.

Pros:

  • Instant access with no IT setup

  • Easy for pilots or small teams

  • Optional domain-based access control
    ​​

Limitations:

  • Less visibility into logins (no Azure AD sign-in reporting)

  • Cannot enforce organisation-wide SSO policies like MFA or conditional access

  • No branding on login or consent screens

🔐 2. Custom Azure Application Setup (Client Tenant)

Overview:

In this setup, the client registers a dedicated Azure AD application in their own tenant to manage Goodsted SSO. This gives full control over security policies, access rules, branding, and monitoring.

Set-Up Instructions

Azure Application Setup Guide for Goodsted SSO

This process outlines how to configure your own Azure AD application for SSO with Goodsted:

✅ Step 1: Create an Azure AD Application

  1. Log into the Azure Portal.

  2. Navigate to Azure Active Directory.

  3. In the sidebar, select App registrations.

  4. Click New registration.

✅ Step 2: Register Your Application

  1. Enter a descriptive Name (e.g., “Goodsted SSO”).

  2. Choose Supported account types:

    • Typically: Accounts in this organizational directory only.

  3. Under Redirect URI, select:

    • Single-page application (SPA)

    • Enter the URI:
      https://<customer-slug>.goodsted.com/custom-page.html
      (Replace <customer-slug> with your specific Goodsted subdomain or identifier.)​

  4. Click Register.

⚠️ Important: Do not select “Web” as the Redirect URI type.

You must use Single-page application (SPA).

✅ Step 3: Locate Your Client ID and Tenant ID

Once registered, your app’s Overview page will display:

  • Client ID (Application ID):

    • Copy the value listed as Application (client) ID.

  • Tenant ID (Directory ID):

    • Copy the value listed as Directory (tenant) ID.

✅ Step 4: Share IDs with Goodsted

Please send the following details to your Goodsted contact:

  • Client ID: (paste Application ID)

  • Tenant ID: (paste Directory ID)

Once received, Goodsted will finalise and test the SSO integration on your behalf.

🔄 Summary: Comparing the Two Options

Feature

Hosted OAuth (Goodsted Tenant)

Custom Azure App (Client Tenant)

Client Setup Required

None

✅ Azure app registration

Client Admin Consent Required

✅ Yes

✅ Yes

Domain Restriction Possible

✅ Yes (configured by Goodsted)

✅ Yes (via Tenant ID)

Advanced Access Policies (MFA, Conditional Access)

❌ No

✅ Full control

Azure Sign-In Monitoring

❌ No

✅ Yes

Consent Screen Branding

❌ No

✅ Customisable

Best For

Pilots, fast access, small teams

Enterprises, scale, compliance-driven orgs

🧭 Which Should You Choose?

Your Priority

Recommended Option

No setup, quick onboarding

Hosted OAuth

Full IT control & security integration

Custom Azure App

Want login restricted to your staff only

Both methods support this

Auditability, compliance, and visibility

Custom Azure App

🧑‍💻 Need Help?

If you’d like guidance during setup or have questions about the best approach, don’t hesitate to reach out to your Goodsted representative. We’re happy to support you throughout the process.

Did this answer your question?