How do I set up Microsoft Entra ID (SSO) integration with T.M.A.S.?

Learn to seamlessly integrate Microsoft Entra ID for Single Sign-On with T.M.A.S. for improved security and user access.

Table of Contents

    T.M.A.S. integrates with Microsoft Entra ID (formerly Azure Active Directory), allowing users to sign in with their Microsoft account. This article explains how to configure the integration and resolve common setup issues.

    How It Works

    • Users sign in to T.M.A.S. using their Microsoft account credentials via the Sign in with Microsoft button.
    • T.M.A.S. does not sync users from Entra ID — users must be created manually in T.M.A.S. first.
    • The email address used in T.M.A.S. must exactly match the email address registered in Microsoft Entra ID.
    • Password management and access control can be handled through Entra ID once the integration is active.

    Requirements

    • A Microsoft Entra ID tenant (default configuration from Microsoft is sufficient — no custom settings required).
    • T.M.A.S. Chain Administrator access.
    • Users must already exist in T.M.A.S. with email addresses that match their Microsoft Entra ID login.

    Step 1 — Get Your Entra Tenant ID

    1. Log in to the Microsoft Entra admin center at https://entra.microsoft.com (or the Azure portal at https://portal.azure.com).
    2. Navigate to Identity → Overview (or Azure Active Directory → Properties in the Azure portal).
    3. Copy the Tenant ID (also referred to as the Directory ID).
    4. Step 3 — TMAS login page showing Sign in with Microsoft button

    Step 2 — Configure T.M.A.S. with Your Tenant ID

    1. Log in to T.M.A.S. at www.smssoftware.net.
    2. Expand Administration.
    3. Click Manage Locations → Advanced.
    4. Paste your Entra Tenant ID into the Azure Tenant ID field.
    5. (Optional) Enable Mandatory Authentication to require all T.M.A.S. users below Chain and User Manager level to sign in exclusively via Microsoft. Users with Chain or User Manager permissions retain standard login access as a bypass.
    6. Click Save.
    Step 4 — Microsoft Entra permissions consent pop-up

    Step 3 — Sign In with Microsoft

    1. On the T.M.A.S. login page, click Sign in with Microsoft.
    2. Use the same email address that is configured in T.M.A.S. for your account.
    Step 2 — TMAS Advanced settings showing Azure Tenant ID field

     

    Step 4 — Accept the Microsoft Permissions Request

    1. A Microsoft permissions pop-up will appear requesting access — accept the permission request to complete the link between your T.M.A.S. session and your Entra account.
    Step 1 — Microsoft Entra admin center showing Tenant ID location

    ⚠️ The permissions pop-up must be accepted. If it is blocked by a pop-up blocker or dismissed, the sign-in will fail. Ensure your browser allows pop-ups from T.M.A.S.

    Step 5 — Confirm the Integration in Entra (Validation)

    Once a user has successfully signed in, the T.M.A.S. application will appear listed under your Microsoft Entra admin center, confirming the integration is active.

    Step 5 — Microsoft Entra admin center showing TMAS application linked

    Troubleshooting

    If a user cannot sign in with Microsoft, verify the following three conditions — these are the most common causes of integration failures:

    1. Email mismatch — The email address in T.M.A.S. must exactly match the email address used to log in to Microsoft Entra ID. T.M.A.S. does not sync users from Entra, so both must be set up manually and must match precisely.
    2. Tenant ID mismatch — The Tenant ID entered in T.M.A.S. Advanced settings must exactly match the Tenant ID from your Microsoft Entra admin center. Even a single character difference will cause sign-in to fail.
    3. Permissions not accepted — During the first sign-in, Microsoft presents a permission consent pop-up that must be accepted. If this was dismissed or blocked, the user will need to attempt sign-in again and accept the prompt.

    💡 Note: Issues are almost always on the customer's Entra configuration side, not the T.M.A.S. integration itself. The integration has been verified to work correctly with default Microsoft Entra settings. If the customer's Entra environment has custom conditional access policies, admin consent requirements, or restricted app registrations, those settings may block the sign-in flow and will need to be reviewed by their IT administrator.

    Notes

    • Users must always be created in T.M.A.S. first before they can use Microsoft sign-in. Entra does not provision users into T.M.A.S. automatically.
    • Enabling Mandatory Authentication does not affect Chain Administrators or User Managers — they retain standard username/password access as a bypass.
    • This integration was previously documented as Microsoft Azure Active Directory. Microsoft rebranded the service to Microsoft Entra ID in 2023. The T.M.A.S. field label may still read "Azure Tenant ID" — enter your Entra Tenant ID in that field.
    • How do I create users in T.M.A.S.?
    • How do I manage locations and advanced settings in T.M.A.S.?
    • Why can't my users sign in with Microsoft to T.M.A.S.?
    Was this article helpful?
    Related Questions
    header-top-left-border Created with Sketch.
    header-top-right-border Created with Sketch.