Organization Owner access is required in PlayerZero to configure SSO. Entra ID administrator access is required in Azure to create the app registration and adjust settings.
Overview
This guide walks you through creating a Microsoft Entra app registration and wiring it to PlayerZero. We use the OIDC Authorization Code flow with PKCE. PlayerZero only requests standard OIDC claims.
Prerequisites
- A PlayerZero organization where you are an Owner
- Admin access to Azure Portal for your tenant
- PlayerZero redirect URL:
https://playerzero.ai/api/auth/sso
Step 1: Create the App Registration in Entra
- Select the Single Tenant account type.
- Add as Web registration using the redirect URL:
https://playerzero.ai/api/auth/sso
- Create and store a Client Secret.
Step 2: API Permissions (OpenID Connect)
- In the app registration, open API permissions → Add a permission → Microsoft Graph → Delegated permissions.
- Add these scopes:
openid profile email offline_access
- Grant admin consent for your tenant.
Step 3: Configure PlayerZero
- In PlayerZero, open Settings → SSO Configuration → Add SSO Configuration.
- Fill in Fetch SSO config from well-known endpoint with your OpenID Connect metadata document endpoint.
- Click Fetch from Well-Known (PlayerZero will query:
https://login.microsoftonline.com/<Directory (tenant) ID>/v2.0/.well-known/openid-configuration)
- Verify your organization's domain and other autofilled settings.
- Enter your Client ID and Client Secret Value.
- Add the openid profile email offline_access scopes.
- Toggle on Use PKCE (Proof Key for Code Exchange).
Step 4: Test the Connection
- In PlayerZero SSO Configuration, click Test Connection.
- Complete the Microsoft sign-in in the popup.
- On success, click Save Configuration.
Next Steps: Rollout & User Impact
Once SSO is saved and enabled, PlayerZero will invalidate existing sessions:
- All users will be logged out of PlayerZero.
- When users log back in through SSO, they will be able to access all previous work. No data will be lost in the transition.