# Admin | User Accounts
User accounts in Kahu are required for anyone to use the User App or the Workplace App; the same account is used across both should a user have access to both. Most accounts are associated with a Microsoft or Google account.
# Single Sign-On Accounts
If "Sign in with Microsoft" or "Sign in with Google" is used, then a Kahu user account is created when a new user first logs in. These accounts cannot be created manually.
# First Login
When the user first logs in, their account will be associated with the correct instance based on the email address
domain. For example all users who sign in with an
@example.com email address will be associated with the
Example Ltd. instance. The user will also be given the "User" role by default, allowing them access
to the User App and their own data only. If a user requires more access, for example to the Workplace
App for management, first find them in the Users list, then edit their roles.
# User Linking
# Single Sign-On Setup
# Microsoft SSO
For Microsoft SSO to work, the Kahu SSO Azure App must be approved for use by an administrator. The Kahu SSO app only requests User Profile, which is the most basic permission for an app. It is only used for authenticating Users, other integrations (such as Room Booking) are handled separately.
To grant admin consent for SSO, visit this page and sign-in with an admin Microsoft account for your organisation: Admin Consent for Kahu SSO