Under Review

Set up SAML with Azure AD as enterprise application

Simon 3 years ago updated by Rishikesh Gajul (Product Manager) 2 years ago 17

As of October 15 this year, Azure AD no longer accepts domains that the tenant doesn't manage themselves in their App ID URI field when setting up a custom SAML app, domains like screenconnect.com

This makes sense, I suppose, because custom SAML apps are for those trying to integrate apps that they built themselves or at least manage the DNS records for.

Anyway, this new development means that ConnectWise in fact no longer supports SAML integration with Azure AD / Microsoft 365.

The issue has been registered as #SCP-37400 on ConnectWise Home, but I think the way forward is clear — ConnectWise should register Control as an enterprise app on Azure AD, like Splashtop and Teamviewer have done. That's why those solutions haven't been affected by this new policy by Azure AD.

Registering as an enterprise app would be ideal, as this would make the set up process for SAML integration much easier as well.

This is what's posted on ConnectWise Home.

The Microsoft docs link is to this page.

No solution is offered, but as I wrote above, registering as an enterprise app seems to be the best (only?) way.

Hi Simon, 

We're still investigating how best to handle this situation, but thanks for your suggestion! 

I am having the exact same issue. I am needing help fixing this. Is there any update on this case yet?

Under Review


We're still investigating this issue and may take some more time to find the right solution. In the mean time, you can refer this link for a workaround.

Can you tell me, is the Client secret the Client secret value or the Secret ID?

Any update on a better solution to use Azure AD for SSO Auth without having to modify a user's department details?

Currently working on this issue.  Early ETA would be April barring a delay, but I'll try to update again in a week.  

Any update on this? We can't use the work around because we use the department field for something else.

I have no update for you, but I am using the work around, and in the config, there is a "UserInfoRoleNamePath" field that is configured by default to use AD attribute 'department' but it looks like you could change that to use any AD attribute.

Enabling this method is also an addition, so your users will still be able to log in with existing local accounts.  It adds a new login button that you also name.

Changing that department config may work for you, but I have not tested this.


Is there any update to this request? Azure AD SSO is really important for my company. Please share any status or news.


Hi Mateo,

It's still in development. We've had some high priority work to complete before shifting our focus on this one again. But rest assured it is on the verge of completion and will soon be deployed in one of our upcoming releases.  

What's the current status of this? We're approaching the one year mark of this being broken and wondering if I should look at different vendors that support Azure AD SAML?

Hi Trenton,

The fix is currently in the Prod. Kindly upgrade your instance to the latest stable version 22.5 and check.

Hi Rishikesh, what was the fix for this problem? There's no option to add an Azure AD user source that I can see. What actions do we need to take now to add Azure AD as a user source?

We recently purchased ConnectWise Control & I'm looking to integrate it into our Azure tenant.  Has anyone on stable version 22.5 successfully done it yet?

Hi Kellie,

Please go through this article to setup SAML with Azure AD.

In case you have any issue while setting it up, contact our Support team for further investigation.