Azure AD Configuration
Business & Enterprise only
Note that our Azure AD integration is limited to the Business and Enterprise product tiers. See our pricing page for more information.
Setting up Azure AD integration with Twingate will enable both OpenID Connect user authentication and user and group sync with Azure AD. There are two steps to set up this integration:
- Enable the Azure AD integration in Twingate and sign in to your Azure AD tenant.
- Configure the Twingate application in the Microsoft Azure AD Gallery and enable SCIM for user and group sync.
Twingate configuration
Before proceeding with the Twingate Azure AD gallery app configuration, you need to sign in with Azure AD in the Twingate Admin Console. You can do this from Settings > Identity Provider > Azure AD.

To retrieve the Azure AD tenant ID:
- Open the Azure portal at https://portal.azure.com.
- Navigate to Azure Active Directory from the left side menu.
- Copy the Tenant ID from the Tenant information box.
- Paste the Tenant ID into Twingate as shown above, and click “Sign in with Azure AD”.
Once you have entered the Azure tenant ID and have verified that you can sign in, continue with the steps below.
Microsoft Azure AD Gallery application
Once you have completed the initial step of signing in to Azure AD above, you can proceed with setting up the official Twingate gallery application. Detailed instructions are available in Microsoft’s Azure AD documentation.
To complete the Azure AD configuration, please follow the instructions below on Microsoft’s website:
-> Twingate Azure AD Gallery app instructions
The guide above will cover:
- Adding the Twingate Azure AD Gallery app to your Azure AD instance
- Determining which users and groups should be synced to Twingate
Azure AD accounts without email addresses
Azure AD allows configuring accounts without an email address. Our Help Center, which we use to provide you with technical support services, requires accounts to have an email address to access support. Twingate signs users in to the Help Center using their synced email address.
Consequently, accounts that need access to support are required to have an email address. If an Azure AD account does not have an email address, it will not be able to log in to the Help Center. Adding an email address to a user by setting the “Email” property for their account will sync the email address with Twingate and enable that user to access the Help Center.