Overview
Heed supports direct authentication via Microsoft Entra ID (formerly Azure AD), allowing users to sign in silently and automatically using their existing Microsoft organisational identity. Once configured, users on Entra ID joined devices are authenticated without any manual sign-in prompt.
This integration requires an Entra ID administrator to grant consent for Heed to authenticate users within your tenant.
Prerequisites
Before configuring Entra ID authentication in Heed, ensure the following:
You have access to the Heed Admin Portal with permission to create and manage Desktop Profiles.
You have your organisation's Entra ID Tenant ID to hand. This can be found in the Azure Portal under Microsoft Entra ID > Overview.
An Entra ID Global Administrator (or an account with permission to grant tenant-wide admin consent) is available to complete the consent step.
Step 1 β Create a Heed Desktop Profile
In the Heed Admin Portal, navigate to Desktop Profiles and click Create Profile, or open an existing profile you wish to configure.
Under the Authentication section, set the Authentication Type to Azure AD.
Enter your organisation's Tenant ID in the field provided.
Heed will generate an Admin Consent URL. This URL is used to authorise Heed to authenticate users within your Entra ID tenant.
Click Save to save the profile.
Important: You must click Save before proceeding. The Admin Consent URL is not active until the profile has been saved.
Step 2 β Grant Admin Consent
The Admin Consent URL must be opened and approved by an Entra ID administrator. This grants Heed's application the necessary permissions to authenticate users in your organisation's tenant.
The URL will follow this format:
https://login.microsoftonline.com/{your-tenant-id}/adminconsent?client_id={heed-client-id}&redirect_url=https://app.heed.io/auth/azure/callback&state=heedIf you are an Entra ID administrator:
Copy the Admin Consent URL from the Desktop Profile.
Open the URL in a browser whilst signed in with your Entra ID administrator account.
Review the permissions requested by Heed and click Accept to grant consent on behalf of your organisation.
If you are not an Entra ID administrator:
Copy the Admin Consent URL from the Desktop Profile.
Forward the URL to your Entra ID administrator and ask them to open it, sign in, and click Accept to grant consent.
β
β
Once consent has been granted, Heed is authorised to authenticate users in your tenant and the integration is active.
How it works
When a user launches the Heed desktop client on a device covered by this profile, the client initiates authentication silently against your Entra ID tenant. Provided the user is signed in to their Microsoft account on the device and the device is Entra ID joined, authentication completes automatically with no additional prompt or credential entry required.
Troubleshooting
Admin Consent URL is not generated Ensure the Tenant ID has been entered correctly and that the profile has been saved. The consent URL is only generated after a valid Tenant ID is provided and the profile is saved.
Users are prompted to sign in manually, or authentication fails silently Verify that the user's device is Entra ID joined and that the user is currently signed in to their Microsoft account. Device status can be checked in the Azure Portal under Microsoft Entra ID > Devices.
Consent was granted but users cannot authenticate Confirm that admin consent was accepted by an account with sufficient permissions. You can verify the consent status in the Azure Portal under Microsoft Entra ID > Enterprise Applications, locate the Heed application, and check the Permissions tab.