Configure PIM for Single Sign-On

After you have registered your PIM application in Microsoft Entra ID, you configure PIM with the application details to enable single sign-on.

Prerequisites: Before you can configure PIM for single sign-on using Microsoft Entra ID, you must first Create a Microsoft Entra ID application for PIM.

To configure PIM for single sign-on:

  1. In PIM, on the header bar, click Admin.
  2. In the Search Admin Zones field, enter Single Sign-On Configuration, and then click the link that displays.
  3. On the Single Sign-On (SSO) screen, use the Identity Provider list to select Microsoft Entra ID.
  4. In the Tenant ID and Client ID fields, paste the respective values that you copied when you registered the PIM application in Microsoft Entra ID.
  5. If you created a client secret, paste the value into the Client Secret field.
  6. For each user, verify that their identity email address matches their active email address configured in Microsoft Entra ID.
    If there are any user email addresses that do not match the Microsoft Entra ID email address, this may indicate that your email address format changed when you transitioned to Microsoft Entra ID, or that a user’s email address changed after the user account was created.

    For any user whose identity email address does not match their active email address in Microsoft Entra ID, you must update the email address in PIM. To do this, go to Admin > System Security > Users and Licenses.

  7. When all identity email addresses match the corresponding Microsoft Entra ID usernames, click Auto-populate in the upper-right corner of the Setup SSO User Identities screen to automatically populate the SSO username for each user, and then click Save.
  8. When you are ready to roll out single sign-on to your users, on the Single Sign-On (SSO) page, select the Enable Microsoft Entra ID Provider check box, and then click .
    Users can now sign in to PIM using Microsoft Entra ID from the main PIM sign-in page.
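
The email check in step 6 can be done offline before you enable the provider. The following is an added example, not part of the PIM product or this documentation: it compares two CSV exports and flags each PIM identity email that does not exactly match an Entra ID address. The column names `identity_email` and `mail` and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions, not a
# documented PIM or Microsoft Entra ID export format.
PIM_EXPORT = """user,identity_email
Ana Ruiz,ana.ruiz@example.com
Ben Cole,BCole@Example.com
Cy Dunn,cy.dunn@old-example.com
Di Evans,di.evans@example.com
"""
ENTRA_EXPORT = """displayName,mail
Ana Ruiz,ana.ruiz@example.com
Ben Cole,bcole@example.com
Cy Dunn,cy.dunn@example.com
Dinah Evans,dinah.evans@example.com
"""

def column(text, name):
    """Return the non-empty, whitespace-trimmed values of one CSV column."""
    rows = csv.DictReader(io.StringIO(text))
    return [r[name].strip() for r in rows if r[name].strip()]

def check_identities(pim_csv, entra_csv):
    """Return (pim_email, status, entra_address_or_None) for each PIM user."""
    entra = column(entra_csv, "mail")
    by_lower = {a.lower(): a for a in entra}
    by_local = {}
    for a in entra:
        by_local.setdefault(a.lower().split("@")[0], []).append(a)
    report = []
    for addr in column(pim_csv, "identity_email"):
        same_local = by_local.get(addr.lower().split("@")[0], [])
        if addr in entra:
            report.append((addr, "match", addr))
        elif addr.lower() in by_lower:
            report.append((addr, "case-differs", by_lower[addr.lower()]))
        elif len(same_local) == 1:
            # Same mailbox name, different domain: likely an address format change.
            report.append((addr, "domain-changed", same_local[0]))
        else:
            # No safe candidate; look the user up manually before editing PIM.
            report.append((addr, "no-match", None))
    return report

if __name__ == "__main__":
    for email, status, candidate in check_identities(PIM_EXPORT, ENTRA_EXPORT):
        print(f"{status:15} {email:26} -> {candidate}")
```

Treat the suggested address as a candidate only. Confirm it belongs to the same person before updating the user in PIM, because the SSO username is populated from this value.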