How to Enable O365 SSO
O365 SSO can only be enabled and set up by a ThreatLocker super-admin.
To enable SSO on existing administrator accounts, you will need to have a password reset email sent by the Cyber Heroes.
ThreatLocker does not recommend using SSO for your ThreatLocker Account because SSO relies on the security of a 3rd party and that security is out of ThreatLocker's control.
Currently, 0365 SSO requires the settings in Azure to be configured to 'Allow user consent for apps'.
Navigate to Security Center > Login Settings.
Click on the SSO Settings Tab.
Under 'Do you want to permit SSO for your organization?', select 'Yes'. You will receive a message from ThreatLocker stating that we do not recommend using SSO for your ThreatLocker Account because SSO relies on the security of a 3rd party and that security is out of ThreatLocker's control.
Click the 'Update Settings' button. You will receive a successful message when the settings are updated.
When you invite a new administrator, once they follow the link to set up their account, the user will have the option to confirm their new ThreatLocker account with Office 365 or manually with a password.
If the user selects the Office 365 button, a prompt will open for them to sign in to their Microsoft account.
Once they click the 'Sign In' button, the user will be logged into the ThreatLocker Portal.
The next time the user logs into the ThreatLocker Portal, once they insert their Username, the Office 365 button will populate under Login with SSO.
Please Note: If you disable SSO on an organization, any administrator accounts on that organization with SSO linked will no longer be able to log in. To regain login access, they will need to reach out to the Cyber Heroes and request a password reset.
Enabling SSO does not disable other MFA methods. We recommend that you use MFA for all accounts.