Single Sign-On (SSO)

Describes how to enable and use Single Sign-On (SSO) from other systems such as Microsoft Entra ID (formerly Microsoft Azure Active Directory).

About Single Sign-On (SSO)

"Single Sign-On", or SSO as it is also called, is a way for users to sign in to Eletive using their existing company identities. The users do not need to keep separate credentials for Eletive when SSO is enabled. 

Eletive uses the modern and secure OpenID Connect protocol, which is supported by a large number of systems such as Microsoft Entra ID (formerly Microsoft Azure Active Directory), Okta, and many others. When SSO is active, authentication is delegated to the organization's own authentication system.

Our platform supports multi-tenant SSO: if several tenants should handle user authentication, Eletive supports it. For example, if an organization has multiple instances of Microsoft Entra ID (formerly Microsoft Azure Active Directory), the scope of authentication can be set based on domain to specific tenants.
Exclusion and inclusion rules can also be set for different domains, so an organization can use a hybrid model in which some users authenticate using SSO and some using a password.

Specific Identity provider configuration 

Configuration steps are documented for some specific Identity Providers. 
These are listed here: 

If you use a different Identity Provider than those listed above, please follow the General Configuration guide below.

Configuration - General

The configuration may differ depending on the identity provider. These are the general steps, which are performed in Eletive.

In Eletive

  • Go to "Settings -> Integrations"
  • Select "Single Sign-On"
    • If it is not present, it needs to be activated in the features panel
    • Navigate to "Settings -> Features" and activate "Integrations" and "Single Sign-On". After this, "Integrations" will be visible under "Settings"
  • In the "Choose provider" dropdown, select "Other (OpenID)"
  • Add the "Well known URL" and "Client ID"
  • Email field (optional field): it is possible to specify which field of the id_token to use for authentication. Note that the emails of Eletive users need to match the email in that id_token field.
  • Restrict Single Sign-On domains (optional field): it is possible to restrict Single Sign-On to specific domains or to include all domains. Specific domains can be included or excluded depending on the use case.
  • Once finished, press "Connect"
  • Test by opening an incognito browser window and trying to sign in.

Tip: When testing, stay logged in to your Eletive account in a separate tab. This way you can simply remove or reconfigure the SSO connection if needed.
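
A pre-flight check of the "Well known URL" and "Email field" values before pressing "Connect", as an added example (not Eletive's code). The checks follow OpenID Connect Discovery 1.0; idp.example.com and the sample document are constructed, and check_discovery is a hypothetical helper name.

```python
from urllib.parse import urlparse

SUFFIX = "/.well-known/openid-configuration"
# Metadata that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def check_discovery(well_known_url, doc, email_field="email"):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if urlparse(well_known_url).scheme != "https":
        problems.append("well-known URL is not https")
    missing = [k for k in REQUIRED if k not in doc]
    if missing:
        problems.append("missing metadata: " + ", ".join(missing))
    if not well_known_url.endswith(SUFFIX):
        problems.append("URL does not end with " + SUFFIX)
    else:
        # The issuer must be the URL prefix the document was served from
        # (a trailing slash on the issuer is dropped before comparing).
        prefix = well_known_url[:-len(SUFFIX)]
        if str(doc.get("issuer", "")).rstrip("/") != prefix.rstrip("/"):
            problems.append("issuer does not match the well-known URL")
    for key in ("authorization_endpoint", "jwks_uri"):
        if key in doc and urlparse(doc[key]).scheme != "https":
            problems.append(key + " is not https")
    algs = doc.get("id_token_signing_alg_values_supported") or []
    if algs and all(a == "none" for a in algs):
        problems.append("only unsigned id_tokens (alg 'none') are offered")
    # claims_supported is optional; when present it should list the "Email field".
    claims = doc.get("claims_supported")
    if claims is not None and email_field not in claims:
        problems.append("claim %r not in claims_supported" % email_field)
    return problems

# Constructed sample document for a hypothetical provider.
SAMPLE_URL = "https://idp.example.com/tenant-a" + SUFFIX
SAMPLE_DOC = {
    "issuer": "https://idp.example.com/tenant-a",
    "authorization_endpoint": "https://idp.example.com/tenant-a/authorize",
    "jwks_uri": "https://idp.example.com/tenant-a/keys",
    "response_types_supported": ["code", "id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "claims_supported": ["sub", "email", "preferred_username"],
}

print(check_discovery(SAMPLE_URL, SAMPLE_DOC) or "ok")
```

To check a real provider, pass the parsed JSON served at its well-known URL as doc, and the claim name you plan to enter as the "Email field" as email_field.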