Purpose

This guide explains how to configure Microsoft Entra ID (Azure AD) so users in your organization can sign in to Qarma without being prompted for individual consent.


Mandatory Preparation (Do This First)

This section must be completed before any of the following steps below will work.
 If this preparation is skipped, the admin consent flow will fail.

Send the following details to your Qarma project manager:

  • Microsoft Entra ID Tenant ID
  • Microsoft Entra ID Primary domain

Qarma’s technical team will use this information to configure your tenant in our system.
You cannot continue with the remaining steps until this setup is complete.


Step 1) Open the Admin Consent Link

Sign in as a Microsoft Entra ID administrator and open the URL below in your browser.

Replace {YOUR_TENANT_ID} with either:

  • Your Entra ID tenant ID, or
  • A verified domain name for your tenant
https://login.microsoftonline.com/{YOUR_TENANT_ID}/adminconsent?client_id=a8a9e53f-c73e-418c-a8d7-1656c812a955&redirect_uri=https://app.qarmainspect.com/q/sessions/frontend/provider/entra-id/callback&state=admin_consent


Step 2) Sign In and Grant Consent

  1. Sign in using an account with Global Administrator or Privileged Role Administrator permissions.
  2. Review the permissions requested by Qarma:
    • openid
    • profile
    • email
    • offline_access
  3. Click Accept to grant consent on behalf of your organization.

After accepting, you will not see a confirmation message. A blank page is expected.


Step 3) Verify the Consent Was Applied

  1. Open the Microsoft Entra admin center
  2. Go to Enterprise applications
  3. Search for Qarma SSO
  4. Open the application and confirm that Admin consent granted is shown for the organization


Step 4) (Optional) Assign Users or Groups

If your Entra ID tenant requires explicit user or group assignment:

  1. Go to Enterprise applications → Qarma SSO
  2. Open Users and groups
  3. Click Add user/group
  4. Assign the users or groups who should be allowed to sign in to Qarma


Step 5) Test the Sign-In

  1. Go to: https://app.qarmainspect.com
  2. Select Sign in with Microsoft
  3. Sign in using an assigned Entra ID account

If everything is configured correctly, the user will be signed in without seeing any consent prompt.


Done

Your Microsoft Entra ID tenant is now connected to Qarma using OpenID Connect, and users can sign in using Microsoft SSO.

 


Important things to be aware of

  • Guest Entra ID users are not supported, unless their domain is a company domain
  • Only one enforced domain is supported at this point
  • Creating or disabling a user in Microsoft Entra ID does not automatically create or disable a user in Qarma
    • Users must be created manually in Qarma
    • Disabling a user in Microsoft Entra does not automatically disable them in Qarma
    • However, if the user’s domain is enforced in Qarma, they can no longer gain access to Qarma.