What you'll be able to do after reading this:
Know what Cloverleaf support needs to turn on Google or Microsoft sign-in for your org
Confirm your email domains are set up correctly so teammates land in the right place
Walk your IT admin through any approval steps required by your Google Workspace or Microsoft 365 tenant
Troubleshoot the most common sign-in issues without opening a support ticket
How does Google or Microsoft sign-in work?
Cloverleaf can let your team sign in using their existing Google or Microsoft account. No separate Cloverleaf password required. This option is set per organization and works alongside (or instead of) standard email-and-password sign-in.
Enabling this feature is done by the Cloverleaf team. Org admins cannot turn it on from within Cloverleaf settings directly.
How do I get it turned on?
Reach out to your Cloverleaf contact or submit a request through support. Let Cloverleaf know whether you'd like Google, Microsoft, or both enabled. Once it's active, the matching button appears on your team's sign-in page automatically.
No action is needed from your team to see the button after it's been enabled.
What do I need to check before my team starts using it?
Two things to verify before your team signs in this way for the first time:
Your team's email domains must be approved on your organizationCloverleaf identifies a teammate by the email address on their Google or Microsoft account. For someone to join your organization through this flow, the domain portion of their email (the part after the @, for example yourcompany.com) must be on your organization's approved domain list in Cloverleaf.
If a domain is not approved and the person has not been individually invited, they will be able to complete the Google or Microsoft sign-in flow but will not be added to your organization. Contact your Cloverleaf contact to confirm which domains are approved and request additions if needed.
Your IT admin may need to allow Cloverleaf in your tenant. Cloverleaf requests only basic profile information (name and email address) during sign-in. Nothing is read from mailboxes, files, or calendars.
That said, some organizations restrict which third-party apps employees can access, so your IT admin may need to complete a one-time approval.
Microsoft 365 / Entra (Azure AD)
If your tenant requires admin approval for third-party apps, the first person to sign in will see a "Need admin approval" screen. A Global or Entra admin approves Cloverleaf once in the Microsoft Entra admin center under Enterprise applications. After that, the rest of the team can sign in without any additional steps.
If your tenant allows self-approval, no admin action is needed.
Google Workspace
Personal @gmail.com accounts work without any configuration. If your Workspace restricts third-party apps, a Workspace admin marks Cloverleaf as a trusted app in the Admin console under Security, then API Controls, then third-party app access. Your Cloverleaf contact can provide the exact app ID to allow.
How does my team sign in?
Go to your organization's Cloverleaf sign-in page.
Select Sign In With Google or Sign In With Microsoft.
Choose the account and approve the basic profile request.
Sign-in is complete. Teammates signing in for the first time will have a Cloverleaf account created automatically.
Troubleshooting
The Google or Microsoft button is not showing on the sign-in page.
The feature may not be enabled for your organization yet. Contact your Cloverleaf representative to request it.
"Need admin approval" (Microsoft) or "access blocked" (Google)
Your IT admin needs to approve or trust Cloverleaf once. See the IT admin section above for the specific steps for each platform.
Sign-in completes but Cloverleaf says you don't have access
Your email domain is likely not yet approved on the organization. Ask your org admin or your Cloverleaf contact to add it.
You'll know it's working when...
Your team members can select the Google or Microsoft button on the sign-in page, complete the sign-in flow without errors, and land inside your Cloverleaf organization. First-time users will have an account created automatically with no additional setup required.