When connecting Microsoft SSO (via Entra ID) to Kadence for the first time, an administrator with the right permissions must grant consent for your organization. This ensures secure, seamless login for all users without repeated prompts.
This guide walks you through how to complete that approval as an Entra admin.
Prerequisites
To complete this setup, you must:
Be a Global Admin in Kadence
Have one of the following roles in Microsoft Entra ID:
Global Administrator
Application Administrator
Before You Begin
You may want to enforce SSO as an organization to prevent users logging into Kadence and bypassing the SSO authentication.
To fully enforce SSO and prevent users from bypassing Microsoft by setting or resetting passwords, we strongly recommend blocking specific automated Kadence emails before or during rollout.
If you do not wish to enforce SSO and want your users to be able to login without SSO, skip to Step 1.
Block “Welcome to Kadence” Emails
When users are provisioned, Kadence may send a welcome email prompting them to set a password. Blocking this ensures users only access Kadence via SSO.
Block or filter emails from: [email protected]
Filter by subject line: Welcome to Kadence
Do not block all emails from this address. Other critical notifications (such as check-in reminders and booking confirmations) are also sent from this domain.
Block Password Reset Emails (SSO Recommended)
If your organisation uses Single Sign-On, blocking password reset emails prevents users from bypassing SSO authentication.
Block or filter emails from: [email protected]
Filter by subject line: Reset your password
Do not block all emails from this address. Blocking only this subject ensures SSO remains enforced while preserving essential notifications.
When should I apply these blocks?
We recommend applying these email filters:
Before enabling SSO, or
Before syncing users into Kadence, especially via Directory Sync
This ensures users only authenticate using Microsoft SSO from day one.
Step 1: Initiate Login from Kadence
Navigate to Kadence
Click the Microsoft logo under the Kadence login form
You’ll be redirected to the Microsoft login page
Sign in using your Microsoft Entra admin credentials
Step 2: Grant Organization Consent
After signing in successfully:
You’ll be presented with a permissions prompt from Microsoft
Tick the checkbox: Consent on behalf of your organization
Click Accept to complete
Once this is done, all users in your organization can log in to Kadence using Microsoft SSO—without seeing individual consent prompts.
Don’t see the consent checkbox?
You may not be logged in with the correct Microsoft Entra admin account.
To grant consent manually:
Go to entra.microsoft.com
Navigate to Applications → Enterprise applications
Find and select Kadence
Go to Permissions
Click Grant admin consent for [Your Org Name]
Microsoft SSO Permissions
Kadence requests the following OpenID permissions:
Permission | Purpose |
| Allows users to sign in and share their identity |
| Access to basic user profile information |
| Read users’ primary email address |
| Sign in and access user profile and company info |
These are standard permissions required for secure authentication and integration.
Need Help?
For support, reach out to:
📩 [email protected]
For more helpful articles see:
📚 Kadence Help Center