How can we help? 👋

FAQ for SSO/Azure AD

How does Azure AD integration for SSO work?

The DekkoSecure service is added to your Azure AD tenant as a third party enterprise application.

Integration is generally very straightforward and requires that you accept integration permissions from a URL that we provide to you. This is followed by a simple testing process before full-scale use.

Do you support authentication services (ex. Okta)?

Yes. The DekkoSecure web application will follow whichever authentication rules are applied to it via your Azure AD conditional access controls. If this includes a service such as Okta, the user will be presented with an Okta authentication challenge; the same way that they would when logging in to a Microsoft 365 service.

What happens if a user is removed from Azure AD?

Users who are deleted in AAD will lose access to the system and lose their content, because the key to their data is stored in the AAD custom attribute. If the user is offboarded but kept in AAD with access disabled, then content will remain.

The latter of these two scenarios is suitable in situations like sabbaticals, where a user’s access needs to be disabled and then reinstated later.

If a user in AAD is cloned and you attempt to log in using the new AAD account, you will not get access to the original user’s Dekko account.

What happens if a user tries to sign in and not setup in my organisation?

If user uses SSO to get log in and has no pending Hub invites, they will see the following message:

Notion image

Such users will not have access to any Hubs or files until they receive and invite and/or share.


What is the delineation of authentication and authorisation?

Access to Hubs and content is managed inside the DekkoSecure platform, and AAD security groups are used to manage access to the application itself.


What is the SSO/AAD user onboarding process?

DekkoSecure support auto-provisioning of users after it is added to your Azure AD tenant as a third party enterprise application. New users simply press the corporate log in button on the DekkoSecure log in page and their account will be created.

Typically, a Tenancy admin will create a Hub for a specific purpose (they will then be an admin of that Hub), and then invite users to it. Invited users that authenticate via SSO will be added to the Hub automatically when their account provisions (and get access to shared files if there are any).

You can learn more about Hubs, roles and permission here.

Users can only be invited to a Hub or Hubs by a Hub administrator or a Team Member in a Hub.

How do we transition from regular accounts to SSO accounts?

Regular account with can be automatically migrated to SSO accounts seamlessly after SSO integration has been established.

If a regular DekkoSecure log in, ‘’ is registered, the next time this user authenticates using the AAD account ‘’, all data such as groups, files, messages, contacts and meetings will remain. The only difference will be the way the user is authenticated in to DekkoSecure platform. The regular DekkoSecure log in for this user will also no longer work.

Users that migrate their accounts are prompted for the DekkoSecure account password and 2FA if turned on, before migration takes place. Account migration typically takes less than one minute, depending on how many Hubs the user is a member of and how much content they have access to.

Did this answer your question?