# Single Sign-On (SSO) Authentication

DevArmor supports **social authentication** through enterprise identity providers, allowing users to sign in securely using their existing accounts.

Currently supported providers:

* Google
* Microsoft

This allows organizations to simplify user access while leveraging their existing identity and access management policies.

| Provider  | Authentication Method                   |
| --------- | --------------------------------------- |
| Google    | OAuth 2.0 (Google Sign-In)              |
| Microsoft | OAuth 2.0 / Microsoft Identity Platform |

Users can authenticate using their **existing Google Workspace or Microsoft accounts** without needing to create a separate DevArmor password.

## How Users Sign In

1. Navigate to the **DevArmor login page:** [**https://app.devarmor.com/sign-in**](https://app.devarmor.com/sign-in)
2. Select one of the available sign-in options:
   * **Sign-in with Google**
   * **Sign-in with Microsoft**
3. Authenticate with your identity provider
4. After successful authentication, you will be redirected to DevArmor

If this is your first time signing in, contact <support@devarmor.com> to request that an account be created. Alternatively, contact your organization's admin, who can create an account for you on the DevArmor platform.

## Admin Guidance for Organizations

Organizations using **Google Workspace** or **Microsoft Entra ID (Azure AD)** can allow their users to sign in with their existing accounts.

Recommended best practices:

* Require employees to use their **corporate Google or Microsoft accounts**
* Enforce authentication policies through your identity provider (MFA, device policies, etc.)
* Disable personal email domains if your organization restricts them

Authentication policies (such as MFA requirements) are controlled **directly within your identity provider**.

### Enabling Microsoft Login for Your Organization

To allow your team to sign in to DevArmor using their Microsoft accounts, an Azure AD administrator at your organization needs to complete a one-time setup.

#### What you need

* An Azure Active Directory tenant (any Microsoft 365 or Azure subscription includes one)
* An account with the **Global Administrator** or **Cloud Application Administrator** role

#### Steps

**1. Grant admin consent**

Grant admin consent to the DevArmor application in your tenant by visiting the following URL while signed in as an administrator:

```
https://login.microsoftonline.com/common/adminconsent?client_id=e5a3ca80-f651-4f5b-89ab-622dfa12f7fb
```

You will be prompted to review and approve the permissions DevArmor requests (`openid`, `email`, `profile`). These are read-only and used only for authentication.

**2. Share your Tenant ID**

Share your tenant ID with your DevArmor contact. You can find it in the Azure Portal under:

**Azure Active Directory → Overview → Tenant ID**

***

That's it! DevArmor handles the rest of the configuration on its end. Once complete, your users can sign in with their existing Microsoft credentials.

**Notes**

* Only organizational accounts (e.g. `you@yourcompany.com`) are supported. Personal Microsoft accounts (`@outlook.com`, `@hotmail.com`) cannot be used.
* Individual users do not need to install anything or create a new account.
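
To confirm what the admin consent in step 1 actually granted in your tenant, an administrator can audit the resulting service principal. The script below is an added example, not DevArmor's own tooling; it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account can consent to `Directory.Read.All` for the audit session.

```powershell
# Added example: audit the permissions granted to the DevArmor app in this tenant.
# Assumes the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph).
$AppId    = 'e5a3ca80-f651-4f5b-89ab-622dfa12f7fb'  # client_id from the consent URL above
$Expected = @('openid', 'email', 'profile')         # scopes this page says are requested

Connect-MgGraph -Scopes 'Directory.Read.All'

# Admin consent creates a service principal for the app in your tenant.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) {
    throw "No service principal for $AppId; admin consent has not been granted in this tenant."
}

# Delegated permissions are stored as OAuth2 permission grants, one per resource API.
$grants = @(Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All)
$report = foreach ($g in $grants) {
    $resource = Get-MgServicePrincipal -ServicePrincipalId $g.ResourceId
    foreach ($scope in ($g.Scope -split '\s+' | Where-Object { $_ })) {
        [pscustomobject]@{
            Resource    = $resource.DisplayName
            Scope       = $scope
            ConsentType = $g.ConsentType   # AllPrincipals = tenant-wide admin consent
            Unexpected  = $scope -notin $Expected
        }
    }
}
$report | Format-Table -AutoSize

# Application permissions (app roles) are separate; a sign-in-only app should hold none.
$appRoles = @(Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All)
$extra    = @($report | Where-Object Unexpected)

if ($grants.Count -eq 0) {
    Write-Warning 'Service principal exists but no delegated permissions are granted.'
} elseif ($extra.Count -gt 0 -or $appRoles.Count -gt 0) {
    Write-Warning ("Found {0} unexpected delegated scope(s) and {1} application permission(s); review before rollout." -f $extra.Count, $appRoles.Count)
} else {
    Write-Output 'Only openid, email and profile are granted.'
}
```

Re-running the script after any later consent prompt shows whether the granted scopes have changed from the three listed in step 1.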

## Troubleshooting Login Issues

#### User cannot log in

Verify the following:

* The user is signing in with the correct **Google or Microsoft account**. Specifically, make sure they are using the same email address (including domain) as registered in DevArmor.
* The browser allows authentication redirects.
* The user has permission to access DevArmor within your organization.

#### Account created with the wrong provider

If a user accidentally signs up using a different authentication provider (for example Google instead of Microsoft):

1. Contact your DevArmor administrator
2. The admin can update the account or merge identities if needed

#### Authentication fails during login

Common causes include:

* Browser extensions blocking redirects
* Expired identity provider sessions
* Organization-level login restrictions

Recommended fixes:

* Try logging in again
* Use a private browser window
* Clear browser cookies for Google or Microsoft authentication

## Security Considerations

DevArmor does **not store user passwords** when using social authentication.

Authentication security is handled by the identity provider:

* **Google** authentication is managed by Google Identity Services
* **Microsoft** authentication is managed by Microsoft Identity Platform

Organizations should configure security policies (such as **multi-factor authentication**) directly within their identity provider.

## Support

If your team encounters authentication issues, contact:

**DevArmor Support:** <support@devarmor.com>

Include the following information when reporting issues:

* User email address
* Identity provider used (Google or Microsoft)
* Timestamp of the login attempt
* Screenshot of any error messages


