Single sign-on with Azure

Pritunl supports single sign-on with Azure Active Directory. Azure Active Directory Security and Office 365 groups will be matched to existing organizations.

Create Azure Active Directory App

Open the Azure dashboard and go to the App registrations section of the Azure Active Driectory.

Click New registration and set the Name to Pritunl and Redirect URI to Web. Then set the URL to Once done click Register.

Open Branding and upload the Pritunl Logo. Set the Home page URL to the URL of your Pritunl server. Then click Save.

Open the Authentication tab and enable Access tokens under Implicit grant. Then click Save.


Open API permissions and click Add a permission. Then click Microsoft Graph and select Delegated permissions.

In the Directory section enable Directory.Read.All.

In the Group section enable Group.Read.All, once done click Add permissions.

In the User section enable User.Read and click Add permissions.

Open API permissions again and select Microsoft Graph then select Application permissions

In the Directory section enable Directoy.Read.All, once done click Add permissions.

After the permissions have been saved click Grant admin consent for Pritunl on the API permissions tab.

Open Certificates & secrets and click New client secret. Then set the Description to Pritunl and set Expires to Never. Once done click Add and copy the Value from the list of secrets. The Secret ID is not relevant and should not be copied. Save this value for the steps below.

Configure Pritunl

Open the Overview of the Pritunl app in App registrations. Copy the Directory (tenant) ID, and Application (client) ID for the configuration below.

Open the Settings in the Pritunl web console and set Single Sign-On to Azure. Copy the Directory ID and Application ID from the steps above. Then copy the Azure key value from the earlier steps into Application Secret. The Default Single Sign-On Organization will be used if none of the Azure groups match an existing Pritunl organization.