Bitrix24 Helpdesk

Configure Single Sign-On (SSO) for Bitrix24

Single Sign-On (SSO) is available on Bitrix24 Enterprise plans. It lets employees sign in with their Microsoft Azure Active Directory account without entering a password.

With SSO and SCIM, you can manage access in one place and automate user provisioning.


Before you start

To set up SSO:

  1. An administrator must configure SSO and SCIM in Bitrix24.
  2. You need to register an application in Azure Active Directory.
  3. After setup, employees can sign in using their Azure AD accounts.

Key concepts

  • Follow each step carefully to avoid locking users out.
  • Test SSO in a separate Bitrix24 account before enabling it for your team.


Set up SSO in Bitrix24

  1. Open your Bitrix24 profile.
  2. Go to Security > SSO and SCIM.
  3. Click Configure now.

Note:

  • Deactivating a user removes their access.
  • Reactivating restores access but not admin rights. You must grant them again.


Create a SAML application in Microsoft Azure

1. Sign in to your Microsoft Azure account. If you don’t have one, create it. Then open Azure Active Directory.

2. Go to Enterprise applications > New application.

3. Select Create your own application. Enter a name, select Non-gallery application, and click Create.

4. After the app is created, open Assign users and groups.

5. Click Add user/group and add yourself.

6. Open your profile and make sure your email is listed under Contact info. If it’s missing, you may not be able to sign in.

7. Open the Single Sign-On section.

8. Select SAML as the sign-on method.

9. In SAML Basic Configuration, click Edit.

10. In Bitrix24, copy:

  • ACS URL
  • SP Entity ID

11. Go back to Azure and paste:

  • ACS URL into Reply URL (Assertion Consumer Service URL).
  • SP Entity ID into Identifier (Entity ID).

Click Save.

12. Return to Bitrix24 and click Continue.


Enter the service URL and run validation

  1. Copy the App Federation Metadata URL in Azure.
  2. Paste it into Bitrix24.
  3. Click Check now.

If the setup is correct, you’ll see the message Connection established.

If you set up SSO in an incognito window or a different browser, you may need to sign in to Microsoft Azure again.

If you can’t log in, make sure you added yourself as a user in the Azure application.


Set up user provisioning from Microsoft Azure

Set up user provisioning from Microsoft Azure to sync users with Bitrix24.

1. In Bitrix24, copy the Microsoft Azure service link and Unique Token.

2. In Azure, open your app and go to Provision User Accounts.

3. Select Automatic provisioning and enter admin credentials:

  • Tenant URL (from Bitrix24)
  • Secret token (from Bitrix24)

4. Click Test Connection, then click Save.

5. In Manage provisioning, click Edit attribute mappings.

6. In Mappings:

  • Turn off Provision Azure Active Directory Groups.
  • Turn on Provision Azure Active Directory Users.

7. Remove any fields you don’t need.

8. Click Add New Mapping to add the objectId field.

9. Save your changes.

10. Go back to Provision User Accounts and click Start Provisioning to enable synchronization and automatically add new users to the account.

Azure syncs users about every 40 minutes. To add a user right away, use Provision on Demand.


Verify domains

Return to Bitrix24. Enter your domains and run the check.

Use corporate domains only, and make sure all employees are linked to them.

You can find your primary domain in Microsoft Azure on the main service page.

If a user’s email does not match the corporate domain, they won’t be able to sign in after you enable single sign-on.
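Because users whose email does not match a verified corporate domain are locked out once SSO is on, it is worth running the same check over your user list before enabling it. This added example (not Bitrix24's own code, and run on constructed sample users) lists who would be locked out and flags administrators among them; it assumes an exact domain match, so subdomains are not treated as corporate.

```python
# Constructed sample user records, not data from a real Bitrix24 account.
SAMPLE_USERS = [
    {"name": "Alice", "email": "alice@example.com", "admin": True},
    {"name": "Bob", "email": "Bob@Example.COM", "admin": False},
    {"name": "Carol", "email": "carol@personal-mail.example", "admin": False},
    {"name": "Dave", "email": "", "admin": True},
    {"name": "Erin", "email": "erin@sub.example.com", "admin": False},
]


def email_domain(email):
    """Domain part of an address, lower-cased; None when it is not a usable address."""
    if not email or email.count("@") != 1:
        return None
    local, domain = email.split("@")
    return domain.lower() if local and domain else None


def lockout_report(users, corporate_domains):
    """Users whose email does not exactly match one of the verified corporate domains.
    Subdomains are assumed not to match, since only the listed domains were verified."""
    allowed = {d.lower().strip() for d in corporate_domains}
    locked = [u for u in users if email_domain(u["email"]) not in allowed]
    return {
        "locked_out": [u["name"] for u in locked],
        # Locked-out admins are the worst case: fix their email before enabling SSO.
        "admins_at_risk": [u["name"] for u in locked if u["admin"]],
    }
```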


Fix domain issues

1. If some users don’t have a corporate email, you’ll see a notification. Click View to open the list.

Before making changes, notify your team about the upcoming Single Sign-On update and ask them to confirm their email addresses.

2. Review the list of users:

  • Click Edit to update a user’s email.
  • Click Allow if the user no longer needs access.

3. After you update the email domains, click Next.

4. Choose a default department for new users created from Microsoft Azure.


Configure the mobile app (iOS and Android)

Set up SSO so users can sign in to Bitrix24 from the mobile app.

iOS

1. In Bitrix24, copy the Bundle ID.

2. In Microsoft Azure, go to App registrations > All Applications, and open your app.

3. Open Authentication, click Add a platform, and select iOS or macOS.

4. Paste the Bundle ID and click Configure.

5. Copy the Redirect URI.

6. Go back to Bitrix24, paste the Redirect URI, and click Continue.

Android

1. In Bitrix24, copy:

  • Package name
  • Signature hash

2. In Azure, repeat the platform setup steps and select Android.

3. Paste the Package name and Signature hash, then click Configure.

4. Copy the MSAL Configuration.

5. Go back to Bitrix24 and paste it into the MSAL Configuration field.


Test SSO and enable it for your team

Make sure SSO works before you turn it on for all users.

1. Run a test using the provided link.

2. Open the link in an incognito (private) window.

If you open it in a regular window, you may see an error.

3. Sign in with your Azure account.

If the setup is correct, you’ll see a confirmation message.


Enable SSO

After a successful test, you can enable SSO for all employees or cancel the setup.

Before you enable SSO:

  • Notify your team about the change.
  • Send clear sign-in instructions.

Once you enable SSO, you can’t turn it off on your own. To disable it, contact technical support.
