Enabling Single Sign-On (SSO)

Single Sign-On is currently only available for Office 365.


Obtain Office 365 Group ID

The group ID is required for Office 365 groups to access SafeSend Returns. 

  1. Log in to the Azure Portal. Only Global Administrators or Active Directory User Roles can access Active Directory Groups.
  2. Navigate to Active Directory on the left-hand side to open the Domain Overview page. 
  3. Click Groups on the left-hand side. 
  4. Enter the name of the group you are looking for in the Search groups field. 
  5. Copy the Group ID (Object ID) from the Object ID column. 




If you have any trouble accessing Azure Portal or obtaining your Group ID, please contact Microsoft Azure Support.


Enable Single Sign-On In SafeSend Returns

Single Sign-On must be enabled in SafeSend Returns by an administrator on the account. 

  1. Navigate to Security under Settings in the left-hand panel. 
  2. Toggle the O365 switch button to On. 
  3. Click the Gear icon. 
  4. Select Azure Ad Group(s), SSR Users List, and/or Azure Subscription ID.
    • Azure Ad Group(s) allows you to add your Office 365 Group ID (obtained from the above steps). This automatically creates users from that list and allows them to log in using their Office 365 credentials. 
    • SSR Users List allows existing users to log in using their Office 365 credentials. 
    • Azure Subscription ID allows you to add your Azure Tenant ID in which all users corresponding to that ID will be allowed to log in using their Office 365 credentials. 
  5. Click Save



  • When users log in, they can select to Continue with Office365


  • New users are prompted to confirm their personal information. mceclip7.png

Approve or Deny New Users

After a User is added via the Azure Ad Group list or the Azure Tenant ID, the System Admin will be required to approve or deny their SSO login request. This is a one time approval. The approval (or denial) can be done via email or in the SSR app under "Account Management -> User Permissions".



  • The firms admin will receive an email that a new user is requesting access via Office 365 via email.
    • They will have the ability to Approve or Deny those privileges from that email request.  


  • Navigate to Account Management and then click on User Permissions 
  • Here you will see a list of all Users that have been added to the SSR application via Azure Ad Group or via the Azure Tenant ID that was set by your system administrator. 
  • Here you can see each users contact information and choose whether or not to grant them access to SSR  USerPErmissons_SSO.png


Manage Single Sign-On Users

When a member of the Office 365 group logs into SafeSend Returns, they are added to the user list as Staff by default. An administrator on the account can edit or delete the user. 

Update User Group

  1. Navigate to User Management under Account Management in the left-hand panel. 
  2. Click the gray User Group button in the Action menu for the user. 
  3. Select a designation from Available Groups.
  4. Click the right-facing arrow to move the selected group to Current Membership.
  5. Click Save


Users who have SSO Access will appear differently in the the User Management Pane. The name field of users with SSO access will be highlighted in yellow.


Revoke SSO (Single Sign-On) Access

After a user has been given SSO access, that SSO can also be revoked. You will have the choice to revoke their SSO capabilities either temporarily (in which they can request SSO access again) or permanently (the system admin will have to grant them access again without request). To revoke access:

  1. Navigate to User Management under Account Management in the left-hand panel. 
  2. Find the User you wish to revoke access to then click the button highlighted below to revoked O365 (SSO) access (This will only be applicable to uses with SSO enabled) SSO_RevokeUserAccess.png
  3. Here you can choose to revoke access Temporarily or Permanently by choosing the respective option. SSO_Revoke.png 
    • Temporarily - The user will lose the ability to sign in via SSO but can can request SSO access again. The system admin will have to admit them. 
    • Permanently - The user will lose the ability to sign in via SSO but cannot request access again. To reinstate SSO access the system admin will have to edit the specific user in User Management.SSO_EnablePermDelete.png


Delete User

Deleting users from your SafeSend Returns account or Office 365 restricts them from accessing SafeSend Returns. A user deleted from SafeSend Returns cannot be restored but can be re-added as a new user. 

  1. Navigate to User Management under Account Management in the left-hand panel. 
  2. Click the red X icon in the Action menu for the user. 
  3. Click OK to delete the user. 


For more information about User Management, see the Firm Settings Setup Guide.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.