Enterprise identity management with Microsoft Entra ID
Single sign-on, automatic user provisioning, group-based access control, and multi-tenant resolution โ powered by your existing Entra ID directory.
Done0 uses Microsoft Entra ID as the primary identity provider for DACH enterprises. Employees sign in with their corporate credentials via OAuth 2.0 and are automatically provisioned with the correct role and tenant. Group memberships control access levels, and tenant resolution happens automatically via domain mapping. No separate user management needed.
Setup in a Few Steps
Register Done0 in Entra ID
Create an app registration in your Microsoft Entra ID tenant with the required redirect URIs and API permissions (User.Read, GroupMember.Read.All).
Configure SSO & OAuth
Enter the client ID and secret in the Done0 admin panel. Configure the redirect URI and test the authentication flow.
Set Up User Provisioning
Enable automatic user sync from Entra ID. Map Entra ID groups to Done0 roles (employee, manager, agent, admin) for access control.
Configure Tenant Resolution
Map your corporate email domains to Done0 tenants. Multi-tenant setups are supported for organizations with multiple Entra ID directories.
Integration Features
Single Sign-On (SSO)
Employees sign in with their corporate Microsoft account. No additional passwords, no separate registration required.
Automatic User Provisioning
Users are created and updated automatically when they first sign in. Departing employees are deactivated when removed from Entra ID.
Group-Based Access Control
Map Entra ID security groups to Done0 roles. Managers, agents, and admins are assigned automatically based on group membership.
Multi-Tenant Resolution
Corporate email domains are mapped to tenants automatically. Employees are routed to the correct Done0 tenant based on their Entra ID domain.
Enterprise-Grade Security
Conditional Access policies, MFA enforcement, and token-based authentication. Done0 never stores or handles passwords directly.
Full Audit Trail
Every authentication event and role assignment is logged. Integrates with your existing Entra ID audit log for compliance reporting.
Frequently Asked Questions
Done0 uses the OAuth 2.0 authorization code flow with Microsoft Entra ID. Employees click "Sign in with Microsoft" and are redirected to their corporate login page. After authentication, Done0 receives a token and creates or updates the user profile automatically.
Yes. You can restrict Done0 access to specific Entra ID security groups and map groups to roles. For example, members of "IT-Helpdesk" get the agent role while "IT-Admins" get the admin role. All other authenticated users default to the employee role.
Yes. Done0 supports multi-tenant configurations where different business units or subsidiaries have separate Entra ID directories. Tenant resolution happens automatically based on the email domain of the authenticating user.
When a user is disabled or deleted in Entra ID, their Done0 session is invalidated on next token refresh. Their historical data (tickets, conversations) is retained for audit purposes but the account is deactivated.
Ready to transform your IT support?
See Done0 in action. Book a demo or start your free trial.
Book a Demo