Secure SSO to Make.com with Microsoft Entra ID (Azure AD)

This step-by-step guide explains how to configure Microsoft Entra ID (Azure Active Directory) OpenID Connect single sign-on for make.com so your users can log in securely with their corporate accounts.

By following this how-to article, you will learn which permissions to set, how to register the application, and how to complete the connection on the make.com side.

Before you connect Azure AD to Make.com

To complete the configuration successfully, you need a few prerequisites in both Microsoft Entra ID and make.com.

• An active Microsoft Entra ID tenant (formerly Azure AD).
• Admin access in Microsoft Entra ID to create an app registration.
• Organization Admin (or equivalent) access in your make.com organization.
• The official configuration instructions from the Make help center: Azure AD OIDC setup for Make.

Once these are in place, you can begin the setup process.

Step 1: Register a new application for Make.com in Azure

The first task is to create an app registration in Microsoft Entra ID that represents make.com.

1. Sign in to the Microsoft Entra admin center.

2. Navigate to Identity > Applications > App registrations.

3. Select New registration.

4. Enter a recognizable Name, for example Make.com SSO.

5. For Supported account types, choose the option that matches your organization (usually Accounts in this organizational directory only).

6. For the Redirect URI (if required at this point), select Web and leave it blank temporarily or use a placeholder; you will update it later with the exact URL from make.com.

7. Click Register to create the app.

After registration, note the following values, as they will be used in make.com:

• Application (client) ID
• Directory (tenant) ID

Step 2: Configure API permissions for Make.com

Next, you must grant the application appropriate permissions so it can authenticate users who access make.com through OpenID Connect.

1. Open your newly created application in App registrations.

2. Go to API permissions in the left menu.

3. Select Add a permission and choose Microsoft Graph.

4. Under Delegated permissions, add the standard OpenID Connect related scopes required for sign-in (for example openid and email, and any additional scopes specified in the official Make documentation).

5. Click Add permissions.

6. Back on the API permissions page, select Grant admin consent for your organization, then confirm. This ensures that users will not be prompted to approve permissions individually when logging in to make.com.

Step 3: Generate a client secret for Make.com

Make.com needs a secure way to communicate with Microsoft Entra ID, which is provided by a client secret.

1. In the same application, go to Certificates & secrets.

2. Under Client secrets, click New client secret.

3. Enter a descriptive Description, such as Make.com OIDC secret.

4. Choose an Expiration period according to your security policy (note that you must replace it in make.com before it expires).

5. Select Add.

After creation, copy the Value of the client secret immediately and store it securely. This exact value will be needed later in the make.com configuration and cannot be retrieved again once you leave the page.

Step 4: Configure redirect URI and endpoints for Make.com

Now you must align the Azure application settings with the redirect URL and OpenID Connect endpoints required by make.com.

1. In the application, open Authentication.

2. Under Redirect URIs, add the redirect URL provided in your make.com organization SSO settings. This URL typically points back to a dedicated callback endpoint on the Make platform.

3. Ensure Access tokens and ID tokens are enabled if these toggles are available, because they are necessary for OIDC sign-in to make.com.

Next, note the standard OpenID Connect endpoints from your Microsoft Entra ID instance, which are typically available from the Endpoints section in the application overview or via the OpenID Connect metadata document. Make.com will require at least:

• Issuer (Authority) URL
• Authorization endpoint
• Token endpoint
• JWKS (JSON Web Key Set) URI

Step 5: Enter Azure details in Make.com SSO settings

With Azure AD configured, switch to your make.com organization settings to complete the SSO connection.

1. Sign in to your make.com account with an organization admin role.

2. Go to your Organization or Security section where single sign-on settings are located.

3. Select the option for OIDC or Microsoft Entra ID / Azure AD sign-on, as documented on the official help page.

4. Enter the following values from your Azure app registration:

   • Client ID (Application ID).
   • Client secret (the value you stored earlier).
   • Tenant or issuer URL, based on the instructions in the Make guide.
   • Authorization, token, and JWKS endpoints, if required separately.

5. Save your configuration, then use the built-in Test or Try sign-in function (if provided) to confirm that authentication redirects properly from make.com to Microsoft Entra ID and back.

Step 6: Assign users and groups access to Make.com

To control who can access make.com via SSO, you must assign users or groups to the Azure app.

1. In the Microsoft Entra admin center, open your Enterprise applications entry that corresponds to the make.com app registration.

2. Navigate to Users and groups.

3. Select Add user/group.

4. Choose the users or groups who should sign in to make.com using SSO.

5. Click Assign.

From now on, only the assigned users or groups are able to use the Azure-based single sign-on flow to reach the Make platform.

Troubleshooting common Make.com SSO issues

If users cannot sign in to make.com after configuring Microsoft Entra ID, check these frequent causes:

• Incorrect redirect URI: Verify that the redirect URL in Azure exactly matches what is shown in your make.com settings, including protocol and trailing slashes.
• Mismatched tenant or issuer: Ensure the issuer or tenant identifier in make.com corresponds to your actual Microsoft Entra tenant.
• Expired or incorrect client secret: If you recently regenerated the secret, update it in make.com immediately.
• Missing user assignments: Confirm that affected users or groups are assigned to the Enterprise application in Microsoft Entra ID.
• Consent not granted: Make sure admin consent was granted for the OIDC and Microsoft Graph permissions requested.

For exact error codes and screenshots, always cross-check with the official documentation at the Make.com Azure AD OIDC guide.

Best practices for Make.com and Azure AD SSO

To keep your SSO integration robust and secure, consider adopting these practices in your make.com and Microsoft Entra ID environment:

• Rotate secrets regularly: Before a client secret expires, create a new one, add it to make.com, and then remove the old one.
• Use groups for assignment: Manage access to make.com through security groups instead of individual user assignments to simplify administration.
• Monitor sign-in logs: Use Azure sign-in logs to trace authentication problems affecting the Make application.
• Document your configuration: Keep a record of your redirect URIs, endpoints, and mapping rules used by make.com.

Where to get more help with Make.com SSO

If you need tailored implementation support or want to integrate make.com into broader automation projects, you can work with specialist consultants such as Consultevo, who focus on automation and integration solutions.

For the most accurate, up-to-date technical details, always refer to the official Make help center article on Azure AD OpenID Connect at help.make.com/ms-azure-ad-oidc. Following the documented fields and values precisely there, together with this how-to overview, will help you achieve a reliable, secure Microsoft Entra ID SSO implementation for make.com.

Need Help With Make.com?

If you want expert help building, automating, or scaling your Make scenarios, work with ConsultEvo — certified workflow and automation specialists.

Get Help