Overview
Microsoft Entra ID (formerly Azure Active Directory) single sign-on (SSO) lets you sign in to ServiceTitan using their existing Microsoft credentials. You configure the integration once, and your employees no longer need to manage a separate ServiceTitan username and password. This reduces login friction and centralizes identity management for your organization.
Who uses this feature
Administrators
Applies to all business types
Applies to all trades
Feature configuration
Account configuration is required to use this feature. Please contact Technical Support for details.
Things to know
If your organization uses Enterprise Hub and manages multiple ServiceTitan accounts, see Set up Microsoft Entra ID single sign-on (SSO) and link user accounts instead.
After you complete the permission grant step, wait at least 24 hours before asking employees to test SSO. ServiceTitan's cache updates once per day.
If you manage multiple ServiceTitan accounts from a single Microsoft Entra account, each employee needs a separate Entra account for the ServiceTitan account. Account switching is not supported.
Best practices
Deactivate any existing ServiceTitan employee accounts before enabling auto-linking with groups. Active unlinked accounts prevent the auto-linking process from completing correctly.
When linking employees by the Public API or manual mapping, collect your employee's Entra Object IDs before contacting ServiceTitan.
Test SSO with one or two employees before rolling it out to your full organization.
Use cases
A home services company migrates its office staff to Microsoft Entra ID and wants employees to sign in to ServiceTitan using the same credentials they use for Microsoft 365.
An administrator manages a multi-location business and wants to centralize authentication so that deactivating employees in Entra immediately removes their ServiceTitan access.
Step 1: Contact ServiceTitan and provide your Entra Tenant ID
ServiceTitan must enable SSO for your account before you can configure it.
Contact Technical Support to request that Microsoft Entra ID SSO be enabled for your account.
Retrieve your Microsoft Entra Tenant ID from your Microsoft Entra admin portal.
Provide your Tenant ID to your ServiceTitan contact so it can be added to your account configuration.
Step 2: Grant permissions to the ServiceTitan application
After ServiceTitan configures your Tenant ID, you receive a grant permission link from your ServiceTitan contact. This link adds the ServiceTitan application to your organization's list of Enterprise Applications in Microsoft Entra.
Select one of the following options:
Option A: Customer grants permissions (recommended)
Open the grant permission link your ServiceTitan contact provided.
Sign in with your Microsoft Entra administrator credentials and approve the permission request.
After approving, you are redirected to a page that appears to show an error. This is expected, you can close it.
Verify that the ServiceTitan application now appears in your list of Enterprise Applications in the Microsoft Entra admin portal.
Notify your ServiceTitan contact that you have completed this step so they can finalize the configuration on the ServiceTitan side.
Option B: Share admin credentials with ServiceTitan
If Option A is not possible for your organization, you can provide your Microsoft Entra Admin credentials to your ServiceTitan contact. They click the grant permission link on your behalf.
Note: Option A is recommended. Option B requires sharing admin credentials and may not be permitted by your organization's security policy.
Step 3: Link employees to their Entra accounts
After permissions are granted, link your ServiceTitan employees to their Microsoft Entra identities. Select the method that works best for your organization.
Option A: Link employees by the Public API
Use the ServiceTitan Public API to update the AzureObjectId field for each employee. This option works well for organizations that manage employees.
For API documentation, see APIs details.
Option B: Manual mapping by ServiceTitan
Create a spreadsheet that maps each employee's email address to their Microsoft Entra Object ID.
Submit this mapping to your ServiceTitan contact. They apply it to your account in batches.
After the mapping is applied, deactivate any active ServiceTitan accounts that were not linked to an Entra identity.
Option C: Auto-linking with Entra groups
Auto-linking creates and links a new ServiceTitan account when an employee signs in by Entra for the first time. Use this option when you want employees to be added automatically.
Before you begin: Deactivate the employee's existing ServiceTitan account. Auto-linking requires the existing account to be inactive.
Role assignment: The role assigned to auto-linked employees is determined by the employee's Entra group name. The group name must match the ServiceTitan role name exactly.
Ensure the employee's existing ServiceTitan account is deactivated.
Have the employee open ServiceTitan and click Sign in with Microsoft.
The employee is prompted to create a ServiceTitan username and password. They complete this step, but these credentials are not used again after the first sign-in.
ServiceTitan creates a new account and links it to the employee's Entra identity automatically.
Step 4: Test SSO
Ask one or two employees to sign in to ServiceTitan using Sign in with Microsoft.
Verify that they can access ServiceTitan with the correct roles and permissions.
Roll out to remaining employees after confirming the test is successful.
Configure multi-tenant access: one Entra tenant, multiple ServiceTitan accounts
If your organization uses a single Microsoft Entra tenant to manage access to multiple ServiceTitan accounts, each employee must include a st_tenant_id claim in their Entra profile. This claim tells ServiceTitan which account the employee is signing in to.
Caution: Each employee can only carry one st_tenant_id value for an Entra account. An employee who needs to access three ServiceTitan accounts must have three separate Entra accounts, each configured with a different st_tenant_id. ServiceTitan does not support account switching.
Add the st_tenant_id claim in Microsoft Entra
Sign in to the Microsoft Entra admin portal.
Go to App registrations > Enterprise Applications > ServiceTitan.
Select Single sign-on, then select Attributes & Claims.
Click Add new claim and name it st_tenant_id.
Map the claim to the employee property that stores the relevant ServiceTitan tenant identifier.
Set the st_tenant_id value in each employee's Entra profile to match their intended ServiceTitan account.
Tip: If your organization is on Enterprise Hub, you may not need this configuration. Enterprise Hub SSO does not require st_tenant_id claims and allows employees to manage their own account linking from the Enterprise Hub interface. See Set up Microsoft Entra ID single sign-on (SSO) and link user accounts for details.
Microsoft Entra ID (Azure Active Directory) SSO FAQ
How do I enable Microsoft Entra ID SSO for my ServiceTitan account?
Account configuration is required. Contact Technical Support to request that SSO be enabled for your account. Once it is enabled, you provide your Microsoft Entra Tenant ID to ServiceTitan and complete the permission grant process. For full setup steps, see Set up Microsoft Entra ID (Azure Active Directory) single sign-on for ServiceTitan.
What information do I need to provide to ServiceTitan to get started?
You need your Microsoft Entra Tenant ID. Retrieve this from your Microsoft Entra admin portal and provide it to your ServiceTitan contact. ServiceTitan adds it to your account configuration.
What is the grant permission link, and how do I use it?
The grant permission link is a URL that adds the ServiceTitan application to your organization's list of Enterprise Applications in Microsoft Entra. ServiceTitan provides this link during setup.
Open the link, sign in with your Microsoft Entra administrator credentials, and approve the permission request. After approving, you may see a page that looks like an error, you can close it. Confirm that ServiceTitan now appears in your Enterprise Applications list, then notify your ServiceTitan contact that the step is complete.
Do I need Microsoft Entra admin credentials to complete the setup?
You need Entra admin credentials to approve the grant permission request. If your organization cannot provide those credentials, you can ask your ServiceTitan contact to click the grant permission link on your behalf — but this requires sharing your Entra admin credentials with ServiceTitan.
How long does it take for SSO to work after I complete setup?
After the grant permission step is complete, wait at least 24 hours before asking employees to test SSO. ServiceTitan's authentication cache updates once per day, and sign-in attempts before the cache refreshes may not work.
How do I connect my ServiceTitan employees to their Microsoft Entra accounts?
There are three options:
By the ServiceTitan Public API (updating the AzureObjectId field for each employee),
By manual mapping (you provide a list of employee emails and their Entra Object IDs for ServiceTitan's team to apply), or;
By auto-linking with groups (employees are linked automatically the first time they sign in through Entra).
See Set up Microsoft Entra ID (Azure Active Directory) single sign-on for ServiceTitan for details on each method.
What is auto-linking, and when should I use it?
Auto-linking creates a new ServiceTitan account automatically when an employee signs in by Microsoft Entra for the first time. The role assigned to the new account is based on the employee's Entra group name, which must match a ServiceTitan role name exactly.
To use auto-linking, the employee's existing ServiceTitan account must be deactivated first. Auto-linking works well for smaller teams or situations where you prefer a self-service approach over batch mapping.
Do I need to deactivate existing accounts before using auto-linking?
Yes. Auto-linking requires that the employee's existing ServiceTitan account be deactivated before the first Entra sign-in. If the account is still active when the employee signs in, auto-linking will not complete correctly.
Can one Microsoft Entra tenant connect to multiple ServiceTitan accounts?
Yes. To do this with Legacy SSO, each Entra employee must include an st_tenant_id claim in their profile that identifies which ServiceTitan account they are signing in to. Configure this claim in the Microsoft Entra admin portal under the ServiceTitan Enterprise Application's Single Sign-On > Attributes & Claims settings.
Note: An employee who needs to access multiple ServiceTitan accounts needs a separate Entra account for each one, because ServiceTitan does not support account switching.
What is the difference between Legacy SSO and Enterprise Hub SSO?
Legacy SSO connects a single Microsoft Entra tenant to one or more ServiceTitan accounts directly, and requires configuration by ServiceTitan's team. It also requires st_tenant_id claim configuration for multi-tenant setups.
Enterprise Hub SSO is designed for organizations that manage multiple ServiceTitan accounts through Enterprise Hub. It does not require st_tenant_id claims, and employees can manage their own SSO linking from the Enterprise Hub interface. See Microsoft Entra ID SSO concepts for a detailed comparison.
My organization uses Enterprise Hub and manages many ServiceTitan accounts. Which SSO path should I use?
If your organization uses Enterprise Hub, Enterprise Hub SSO is the recommended path. Contact your Customer Success Manager (CSM) to request enablement.
If an employee is on Enterprise Hub SSO, can they still sign in to individual ServiceTitan accounts with a password?
Yes, this is currently possible. Employees on Enterprise Hub SSO can still sign in to individual ServiceTitan tenants using a password.
An employee says SSO isn't working after setup is complete. What should I check?
First, verify that at least 24 hours have passed since the grant permission step was completed. The ServiceTitan authentication cache updates once per day.
If 24 hours have passed and SSO still does not work, verify that the employee's account is correctly linked to their Entra identity and that the ServiceTitan application appears in your Microsoft Entra Enterprise Applications list. If the issue persists, contact Technical Support.