Configuring Azure AD

This article is for IT support.

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management solution. Azure AD can sync users and groups from Active Directory, Microsoft Teams, or Office 365 for authentication in School Manager. Additionally, once Azure AD groups have been synced, you can use the Groups to manage classrooms in Classwize.

  1. Go to Configuration > Authentication > Azure AD.
  2. Select Enabled.
  3. (Optional) Select Strip Domain to allow users to log in as instead of


    This will only strip the specified domain, if your school has other secondary domains, this will not remove the domain from those users.

  4. Warning

    School Manager will sync all tenancy users when your school is part of a multi-tenancy domain.

    Enter your school’s Azure Domain (for example,
  5. Select Sync Hidden Group Memberships to sync groups created by Microsoft School Data Sync (SDS) with the “HiddenMemberships” property.
  6. Select the Group Name Field or Group Description.
    Azure AD will populate the Name column in Configuration > Users and Groups > Groups with the group name or group description.
  7. Select Save.

Syncing Azure AD

  1. Use your domain administrator or global administrator Azure AD credentials to sign into Microsoft when prompted.
  2. Accept the permission requests:
    • Read directory data
    • Read all groups
    • Access the directory as the signed-in user
    • Read all users’ full profiles
    • Sign in and read the user profile
  3. Select Run Sync.

Troubleshooting Azure AD Sync

"Sorry, but we're having trouble with signing you in."

Ensure you use the correct domain controller associated with your school's Azure AD account.

"Need admin approval."

Ensure your domain administrator account has the Global Administrator permissions in Azure AD.

Troubleshooting “Sync Status: Failed” in School Manager

You can use this list of error messages to troubleshoot sync errors in School Manager. If sync continues to fail, please contact Linewize Support and provide the error displayed.

Error Message How to resolve

400 - Your access token has expired. Please renew it before submitting the request.

This can be caused by invalid credentials.
Confirm the username and password for the linked account are correct and re-enter them in School Manager.

Azure AD Access Token

Azure AD Sync is set up and enabled but the Azure Credentials is not linked.
Link your Azure account by selecting Link under the “Azure Credentials” section.
After the correct account is linked, select Run Sync.
Error:invalid_request Azure Domain is not in a valid format. Check your school’s domain is spelt correctly and there are unsupported special characters. You can only enter one domain, not multiple.


Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.