Authentication
Authentication
How LeaseWizard handles sign-in, SSO, and identity for enterprise customers.
Last updated: 2026-04-21
TL;DR for Microsoft customers
| Question | Answer |
|---|---|
| Does LeaseWizard support SSO? | Yes. |
| SAML or OIDC? | OpenID Connect (OIDC) — OAuth 2.0 Authorization Code flow with PKCE. |
| Microsoft supported? | Yes — Microsoft Entra ID (formerly Azure AD) is directly supported as an OIDC provider. |
| Can we provision users automatically (JIT)? | Yes — optional, per-connection. Disabled by default; enabled once domain ownership is verified. |
| Is SCIM supported? | Not yet. User lifecycle is managed via SSO + LeaseWizard admin console. SCIM is on the roadmap. |
In this section
- Supported authentication methods — the five ways users can sign in.
- Enterprise SSO (OIDC) — architecture and the full IT setup journey for Microsoft Entra ID.
- User provisioning — invitation-based vs. just-in-time (JIT).
- Domain verification — proving domain ownership before SSO routing.
- Authorization model — organizations, roles, portfolio scopes.
Related
- Network & firewall whitelisting — hosts to allowlist so users can complete SSO and token exchange.