In order to set up a Sign On preference, go to Manage -> Users, then click Edit (the pencil icon) next to the user's name that you want to change sign on methods for.
Click the dropdown for "Change authentication mode", and select Microsoft.
Next, click "Save" at the bottom, and now when that account signs in they'll use the "Login with Microsoft" button on the login screen.
Initial Sign In
On initial sign in you'll be prompted with the above message. Click "Accept" to continue. This should only prompt the first time during sign in, all other times will go straight into your account.
Maintain access to data you have given DashboardCTRL access to
This is necessary to :
- Keep from having to re-authorize the application at every login
- Receive refresh tokens for extended user sessions
- Azure AD enforces strict policies on refresh tokens, including expiration and scope limitations, ensuring access is not open-ended or indefinite
- If suspicious activity is detected, the refresh token can be invalidated, cutting off access immediately
Read your profile
This is necessary to sync profile information to the user. This does not grant access to sensitive information like passwords or private data.
Potential Issues
If when signing in you/they get a message saying "Need admin approval" (like above) then your company's Azure admin (typically an IT team member) will need to turn on the "Users can request admin consent to apps they are unable to consent to" on this page:
https://portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/AdminConsentSettings
Once completed, try signing in again and it will still ask for admin approval but it will let you request permission from your company's admin.