1- Search for “Azure Active Directory”
2- On the left side menu, click in “App Registrations”
3- Click on the top menu item “New Registration”
4- In the next page you’re presented with some fields. For “Name” and “Supported account types” choose what suits you.
For “Redirect URI (optional)”, despite the name, it’s important to choose the application type as “Single-page application (SPA)” and the URL it needs to respect the pattern: https://MY_ORG_NAME.impero.com/api/single-sign-on where “MY_ORG_NAME” is the name of your organization that you use to access Impero. If you don’t have one yet or don’t know which one it is, ask our customer support via https://support.impero.com/knowledge/kb-tickets/new 
You can click on “Register” and the application will be created.
5- The next step is to send some information to Impero in order for us wire your configuration in our system. Go to the “Overview” page of the new recently application and copy the following information: “Application (client) ID” and “Directory (tenant) ID” (we don’t need “Object Id” or any kind of Client Secret) and send this information to your point of contact in Impero.
We’re going to answer as soon as possible in order to make sure you can test the integration.
At this point, if an Azure user from your organization also has an Impero account, it will be possible for them to log in to Impero using Single Sign On (SSO).
Troubleshooting
The default configuration and API permissions should be enough for the integration to work but in case you have problems you can check if:
1- Configured available tokens: go to “Authentication” on the left menu side and make sure the options for the field “Select the tokens you would like to be issued by the authorization endpoint:” are NOT selected.
2- API permissions: go to “API permissions” on the left menu side and make sure to enable the permissions like the image below
In case of any questions, please don’t hesitate to contact us at support@impero.com