![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 46%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,455 questions
Yes, Azure AD is an IdP that is capable of providing SSO for external applications. I'd recommend to grab one Azure Active Directory Premium P2 license to take advantage of all the AAD features it has. Basic licensing (free) will be sufficient for your users unless you want to have more control over your environment (see below).
If you want to have more granular control over your AAD users for MFA, Conditional Access, etc you will need to look into Enterprise Mobility & Security (EMS) licensing for each of your users:
https://www.microsoft.com/en-ca/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing
----------------------------------------
If this is helpful please accept answer.