Azure Active Directory Single Sign-on

For organizations that use Azure Active Directory, we support Single Sign-On (SSO) by allowing your employees to use their Azure AD credentials to login to the Olive platform. Once configured, new users at your facility will be prompted to login with Azure AD when signing up for an Olive account, and will be automatically placed in your Olive Helps organization. Existing users who have previously created an Olive account will still be able use their Azure AD credentials upon next login after completing a one-time step to "link" their accounts together.

When it comes to questions such as “What PHI would enabling Azure AD SSO give you access to?”, the answer is: when a user logs in to Olive Helps, they don’t gain access to any additional PHI that they didn’t already have permission to access. Based on the way Olive Helps works, the application accesses what the user can see and does what the user can do - it doesn’t have any inherent permission or access of its own.

To allow your employees to login to Olive Helps and start using their Azure Active Directory credentials, please have your organization's Olive Helps and Azure AD administrators complete the steps listed below. If your organization does not currently have an admin user or is experiencing difficulty with configuring SSO, please contact Olive for assistance.

Enabling Single Sign-On

Note: Before proceeding, ensure your Azure Active Directory admin is available to assist with this configuration.

1. Login to your Olive account and navigate to your organization's Profile & Settings page. From this page, select "Enable Single Sign-On".

2. Input your primary Azure AD Windows Domain and Email Domain. You can typically find this information on your directory's overview page in the Microsoft Azure portal. If you're not familiar with this process or these domains, we recommend contacting your facility's Azure administrator.

3. Once you configure your organization settings page with the required domain information, an Azure AD administrator will need to grant access to Olive's app. To do so, have your Azure AD administrator attempt to sign-in/sign-up in the Olive Helps desktop application with their SSO email address. They will receive the following prompts to approve the application:

4. After completing the steps above, you can verify a successful configuration is in place for your organization upon your next login. If successful, existing accounts will be prompted to complete a one-time step to link their previous Olive account with their Azure AD credentials. Note: New user signups at your organization will not need to complete this step when onboarding with Olive Helps.