With Microsoft Azure Active Directory Single Sign-On, users are able to sign in to SpeechLive using the Microsoft account credentials of their company, e.g. the one they use to sign in to Windows, or Office 365. It requires the IT administrator of an organization to activate the required settings first.
To configure Single Sign-On in Microsoft Azure Active Directory:
Go to portal.azure.com and choose Azure Active Directory in the list of available services.
Choose Enterprise applications on the left of the screen.
On top of the screen click on New application and search for "Philips SpeechLive".
Click on Philips SpeechLive and click Sign up for SpeechLive in the new window.
A new window opens and you will see the SpeechLive sign in screen, click on Sign in with Microsoft.
Sign in with the Microsoft Azure Active directory admin account of your company, or any account that has permissions to add new enterprise applications to Microsoft Azure Active directory.
On the permission screen, activate Consent on behalf of your organization and click Accept.
↪ SpeechLive is now added to your Enterprise applications in Microsoft Azure Active directory.
X Users can now use their Microsoft account credentials to sign in to SpeechLive (see User sign in).
After you completed all steps mentioned above, all your Microsoft Azure Active Directory users can sign in with their Microsoft account to SpeechLive. However, the users will receive an error screen if they don’t have an active SpeechLive workflow user:
The email address of the user in Microsoft Azure Active Directory Single Sign-On must match the one used for the SpeechLive workflow user. Otherwise the users will also see the error screen.
Single Sign-On only works for active workflow users or if the user was added via the Add user (Single Sign-On) function, see Add user for more information.
You may wish to change the default behavior and only allow specific users to sign-in with Microsoft to SpeechLive. To change this:
Go to portal.azure.com and choose Azure Active Directory in the list of available services.
Choose Enterprise applications on the left of the screen.
Choose SpeechLive in the list.
Click on the left side of the screen on Properties, activate the Assignment required? option on the next screen and click on Save.
Choose Users and groups on the left side, on the next screen click on Add user/group on top of the screen.
Select and add the users for whom you want to enable single sign-on.
X Now, only the users which you added are able to sign-in to SpeechLive with their Microsoft account.
Depending on your Azure Active Directory settings, your users may get the following error screen when trying to sign in to SpeechLive:
You can solve this issue by changing the following settings:
Go to portal.azure.com and choose Azure Active Directory in the list of available services.
Choose Enterprise applications on the left of the screen.
Choose SpeechLive in the list.
Click on the left side of the screen on Conditional Access. Choose the assigned policy, on the next screen choose Grant and make sure the Require approved client app option is not enabled.
After Microsoft Azure Active Directory Single Sign-On was successfully set up by their IT administrator, SpeechLive users can sign in using their Microsoft account credentials:
Go to speechlive.com/login.
Click on Sign in with Microsoft.
Sign in with your Microsoft account (e.g. Windows, or Office 365) and continue to SpeechLive.
![[Note]](/fileadmin/helpdesk-paligo/en/../css/image/note.png)
Note You can only sign in with your Microsoft account after your IT administrator added SpeechLive in Microsoft Azure Active Directory (see How to set up Microsoft Azure Active Directory Single Sign-On)
The security settings of your Microsoft account (e.g. multi-factor authentication) will also apply when you sign in to SpeechLive with your Microsoft account credentials