Skip to content

Setting Up Single Sign-On (SSO)

Audience: HR

As a Leader or Admin, setting up Single Sign-On (SSO) allows your team members to sign in to Hoogly using their existing company credentials — no separate password required.


Microsoft Entra ID (Azure Active Directory)

Section titled “Microsoft Entra ID (Azure Active Directory)”
FieldValue
ApplicationHoogly
Client IDe9f41572-2aca-41e9-9b55-20b42a167ff4
Auth methodOAuth 2.0 / OpenID Connect
Redirect URIhttps://hoogly-global.firebaseapp.com/__/auth/handler
Sign-on URLhttps://app.hoogly.ai

Section titled “Step 1 — Grant tenant-wide admin consent”

First, check whether Hoogly’s Service Principal already exists in your tenant — some users may have already signed in successfully.

  1. In the Microsoft Entra admin centre, browse to Identity → Applications → Enterprise applications.
  2. Search for Hoogly or the Application ID e9f41572-2aca-41e9-9b55-20b42a167ff4.
  3. If it already appears, skip to Step 2 — you only need to grant consent if it is missing.

If the application is not present, a Global Administrator or Application Administrator must grant consent:

Admin Consent URL:

https://login.microsoftonline.com/common/adminconsent?client_id=e9f41572-2aca-41e9-9b55-20b42a167ff4
  1. Sign in as a Global Administrator or Application Administrator.
  2. Open the Admin Consent URL above in your browser.
  3. On the permissions review screen, confirm the requesting application is Hoogly and review the permissions listed.
  4. Check “Consent on behalf of your organization” — this ensures all users in your tenant can sign in without being individually prompted.
  5. Select Accept. Entra ID will automatically create the Hoogly Service Principal in your tenant.

Step 2 — Verify the application appears in Enterprise applications

Section titled “Step 2 — Verify the application appears in Enterprise applications”

After granting consent, confirm Hoogly is registered in your tenant before notifying users.

  1. In the Entra admin centre, browse to Identity → Applications → Enterprise applications.
  2. Search for Hoogly. The application should appear within a few minutes of accepting consent.
  3. Select it to confirm properties and the permissions granted.

Step 3 — Restrict access to specific groups (optional)

Section titled “Step 3 — Restrict access to specific groups (optional)”

By default, any user in your tenant can sign in to Hoogly after admin consent is granted. To restrict access to a specific set of users or groups:

  1. In Enterprise applications, open the Hoogly application.
  2. Under Manage, select Properties.
  3. Set Assignment required? to Yes and save.
  4. Under Manage, select Users and groups.
  5. Select Add user/group, choose the groups or individuals who should have access, and confirm the assignment.

If your organisation uses Microsoft Teams, Hoogly can send Pulse reminders directly in Teams. This requires the same admin consent already granted in Step 1 — no additional approval needed.

To enable it:

  1. In Hoogly, go to Admin → Integrations.
  2. Click Connect to Microsoft Teams.
  3. Follow the prompts to authorise the Hoogly app in your Microsoft 365 tenant.

Once connected, Hoogly can send reminders in Teams to complete Pulses.


Hoogly requests the minimum permissions required to authenticate users. No access to email content, files, calendar, or chat is requested.

PermissionTypePurpose
openidDelegatedStandard OpenID Connect sign-in. Issues an ID token confirming the user’s identity.
profileDelegatedAccess basic profile claims (name, preferred username) in the ID token.
emailDelegatedInclude the user’s primary email address in the ID token, used to match or create their Hoogly account.
User.ReadDelegatedUsed for the Microsoft Teams integration to look up user profiles via Microsoft Graph. Not required for SSO sign-in alone.

From the Hoogly app: Navigate to app.hoogly.ai, select Continue with Microsoft, and sign in with a work account from your tenant. If already authenticated to Microsoft in your browser, you should be signed in without re-entering your password.

Test on behalf of a specific user: In the Entra admin centre, navigate to Enterprise applications → Hoogly → Single sign-on and use the Test this application button to simulate the login flow for a specific user.


“Need admin approval” message when signing in Admin consent was not completed, or was accepted by a non-administrator account. Repeat Step 1 while signed in as a Global Administrator or Application Administrator.

“Access denied” or error code AADSTS50105 Assignment is required on the Hoogly enterprise application, but the user has not been added. Add the user or their group under Users and groups in the Hoogly application settings in Entra.

Hoogly does not appear in Enterprise applications after granting consent Allow up to five minutes for the application to propagate. If it still does not appear, revisit the Admin Consent URL while signed in as a Global Administrator.

Users are prompted to sign in on every visit This is governed by your organisation’s Conditional Access policies and sign-in frequency settings in Microsoft Entra, not by Hoogly. Review these under Entra ID → Security → Conditional Access.

A user’s name or email appears incorrectly in Hoogly Hoogly reads the user’s profile from the ID token at first sign-in. If the data has changed in Entra, ask the user to sign out and back in, or contact support@hoogly.com to update the account record.


(Instructions for Google SSO setup will be added here.)