
Single Sign-On (SSO)

Describes how to enable and use Single Sign-On (SSO) from other systems such as Microsoft Entra ID (formerly Microsoft Azure Active Directory).

 

Target audience: Administrators, Superusers, Developers

About Single Sign-On (SSO)

Single Sign-On (SSO) allows users to access Eletive with their existing company credentials. When SSO is enabled, users no longer need a separate username and password for Eletive.

Eletive uses the modern and secure OpenID Connect protocol, which is supported by a large number of systems such as Microsoft Entra ID (formerly Microsoft Azure Active Directory), Okta, and many others. When SSO is active, authentication is delegated to the organization's own authentication system.

Eletive supports multi-tenant SSO. This means you can connect multiple identity tenants to handle user authentication. For example, if your organization uses several Microsoft Entra ID tenants, you can route users to the correct tenant based on their email domain.

You can also define inclusion and exclusion rules for specific domains. This allows you to use a hybrid setup where some users authenticate via SSO, while others continue to sign in with a password.

Configuration steps for specific Identity providers

Step-by-step configuration guides are available for the following Identity Providers:

If you are using a different Identity Provider, please follow the General Configuration guide below.

Configuration steps

Configuration may vary depending on your Identity Provider. The steps below describe the general setup process within Eletive.

In Eletive

  1. Navigate to Settings / Feature in the left sidebar and enable the feature "Single Sign-On".

  2. Now navigate to Settings / Integrations and click on "Single Sign-On"

  3. In the "Choose provider" dropdown, select "Other (OpenID)"
  4. Add the "Well known URL" and "Client ID"
  5. Email field (optional field): it is possible to specify which field of the id_token to use for authentication. Note that the email addresses of Eletive users need to match the email in that id_token field.
  6. Restrict Single Sign-On domains (optional field): it is possible to restrict Single Sign-On to specific domains or include all domains. Specific domains can be included or excluded depending on the use case.
    • Enter the domain name without the @ sign, for example: enter gmail.com and NOT @gmail.com
  7. Once finished, press "Connect"
  8. Test by opening an incognito browser window and trying to sign in.

 

Tip: When testing, stay logged in to your Eletive account in a separate tab. This way you can simply remove or reconfigure the SSO connection if needed.


Frequently asked questions

  1. How is the authentication made?
     

    In short: The authentication is made by matching users between Eletive and the IdP based on email address.

    The Eletive email needs to match the email provided from the IdP.

    In most cases, the default IdP configuration is sufficient and no additional setup is required. If the IdP uses a different claim for the user’s email, the Email field (step 5 above) setting can be configured to specify which id_token claim should be used. Regardless of which claim is selected, the resolved email value must still match the email registered in Eletive for the user to authenticate successfully.

  2. How to configure multi-tenant SSO in Eletive? 

    For each SSO tenant connection made, configure the "Restrict Single Sign-On domains" to include/exclude the appropriate domain(s).

  3. Is it possible to configure a custom redirect URL/URI rather than the login page? 

    No, this is not possible. Tip: for as seamless a login experience as possible, check the "Remember me" check-box/feature both on the Eletive login page and in the SSO client.
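
The email matching and domain routing rules from questions 1 and 2 above, modelled as an added example (not Eletive's code; all names are hypothetical). The mode names, the case-insensitive comparison and treating overlapping domain rules as an error are assumptions, and the id_token is assumed to be already validated.

```python
# Added illustration: models the rules described on this page. Not Eletive's
# code; every name here is hypothetical. Assumes the id_token was already
# validated (signature, issuer, audience, expiry) before its claims are read.
from dataclasses import dataclass, field


def norm_domain(entry):
    """Domains are entered without the @ sign; tolerate a stray one and case."""
    return entry.strip().lstrip("@").lower()


@dataclass
class Connection:
    name: str                    # constructed label for one SSO tenant connection
    mode: str = "all"            # assumed modes: "all", "include", "exclude"
    domains: set = field(default_factory=set)
    email_claim: str = "email"   # id_token field used for matching

    def handles(self, email):
        domain = norm_domain(email.rsplit("@", 1)[-1])
        listed = domain in {norm_domain(d) for d in self.domains}
        if self.mode == "include":
            return listed
        return not listed if self.mode == "exclude" else True


def route(email, connections):
    """One connection per email, else None (password sign-in); overlap is flagged."""
    hits = [c for c in connections if c.handles(email)]
    if len(hits) > 1:
        raise ValueError(f"overlapping domain rules: {[c.name for c in hits]}")
    return hits[0] if hits else None


def authenticate(registered_email, claims, conn):
    """Match the configured id_token claim against the registered email."""
    value = claims.get(conn.email_claim)
    if not isinstance(value, str) or not value:
        return False  # claim missing or not a string: no match, no sign-in
    # Assumption: comparison ignores case and surrounding whitespace.
    return value.strip().lower() == registered_email.strip().lower()


# Constructed sample: two tenants routed by email domain.
CONNECTIONS = [
    Connection("tenant-a", "include", {"example.com"}),
    Connection("tenant-b", "include", {"@example.org"}, email_claim="preferred_username"),
]
```

Running `route` over a planned set of connections with one sample address per domain shows, before anything is configured, which users would land on which tenant and whether any domain is claimed twice.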