Single Sign-On: OIDC with Google and Azure Active Directory

Logging in to 12twenty using OpenID Connect is seamless and requires little to no setup. 12twenty supports integrations with Google and Azure Active Directory. 12twenty requests the following scopes: openid email profile and requires the email claim to be present and populated to properly authenticate the user.

To test the integration, first attempt to log in using the “Continue with Google/Microsoft” login button on your site instance’s login page. Enter the credentials for your Google or Azure AD account and proceed through the consent screens. If the login succeeds and brings you to the 12twenty app, no further steps are necessary.



Sub/email claim was missing

Error: “We have encountered an issue logging you into our system: Sub claim was missing.”


Error: “We have encountered an issue logging you into our system: Email claim was missing.”

Azure Active Directory

You will need to ensure your users are configured for use in 12twenty by ensuring their email is populated correctly. In Azure Active Directory, check if your user has the sufficient information provided:

  1. Navigate to Azure Active Directory

  2. Select Enterprise Applications in the side nav

  3. Click on the 12twenty enterprise application

  4. Select User and groups in the side nav

  5. Click on the user that failed the login

  6. Ensure the user has a value entered for Email under Contact info

Please Note: it is not necessary to make any configuration changes in the Attributes & Claims section on the Single sign-on (OIDC-based Sign-on) page.
Was this article helpful?
0 out of 0 found this helpful

Articles in this section