If your company uses Microsoft 365, you can require all Kolleno users in your company to sign in exclusively with their Microsoft account. Once enforced, username and password login is disabled — users must click "Log in with Microsoft" on the Kolleno login screen.
How to enable it
Microsoft SSO enforcement is activated by the Kolleno team on your behalf. To get started:
Contact Kolleno Support and request that Microsoft SSO be enforced for your company
Our team will enable the setting on your account
Once activated, all existing users in your company will be required to sign in with Microsoft going forward
⚠️ After enforcement is turned on, your users will no longer be able to log in with their email and password. Make sure your team is aware of the change before requesting it.
What changes for existing users
Existing users will see that the email/password login no longer works for them
They should use the "Log in with Microsoft" button on the Kolleno login screen instead
No action is needed from them — their accounts and permissions remain the same
How adding new users works
Once Microsoft SSO is enforced, inviting new users works slightly differently:
An Admin invites a new user from Kolleno as usual (Settings → User Management)
The invited person receives an email instructing them to sign in with Microsoft (instead of a registration link)
When they click "Log in with Microsoft" on the Kolleno login screen for the first time, their account is created automatically
They are assigned the role and portfolio access specified in the invitation — no extra setup needed
There is no separate registration step. The new user simply signs in with Microsoft and they're ready to go.
Good to know
This setting applies company-wide — it cannot be turned on for individual users only
The same enforcement option is also available for Okta SSO if your company uses Okta instead of Microsoft
To change the default role assigned to new SSO users, see Setting the Default Role for New Users via SSO