Single Sign-On (SSO)
Describes how to enable and use Single Sign-On (SSO) from other systems such as Microsoft Entra ID (formerly Microsoft Azure Active Directory).
About Single Sign-On (SSO)
"Single Sign-On", or SSO as it is also called, is a way for users to sign in to Eletive using their existing company identities. The users do not need to keep separate credentials for Eletive when SSO is enabled.
Eletive uses the modern and secure OpenID Connect protocol, which is supported by a large number of systems such as Microsoft Entra ID (formerly Microsoft Azure Active Directory), Okta, and many others. When SSO is active, authentication is delegated to the organization's own authentication system.
Our platform supports multi-tenant SSO, so multiple tenants can handle user authentication. For example, if an organization has multiple instances of Microsoft Entra ID (formerly Microsoft Azure Active Directory), the scope of authentication can be set based on domain to specific tenants.
Exclusion and inclusion rules for SSO can also be set for different domains, so an organization can use a hybrid model in which some users authenticate using SSO and some using a password.
Specific Identity provider configuration
Configuration steps are documented for some specific Identity Providers.
These are listed here:
If you use a different Identity Provider than those listed above, please follow the General Configuration guide below.
Configuration - General
The configuration may differ depending on the identity provider. These are the general instructions, which are performed in Eletive.
In Eletive
- Go to "Settings -> Integrations"
- Select "Single Sign-On"
- If it is not present, it needs to be activated in the features panel
- Navigate to "Settings -> Features" and activate "Integrations" and "Single Sign-On". After this, "Integrations" will be visible under "Settings"
- In the "Choose provider" dropdown, select "Other (OpenID)"
- Add the "Well known URL" and "Client ID"
- Email field (optional field): it is possible to specify which field of the id_token to use for authentication. Note that the emails of Eletive users need to match the email in that id_token field.
- Restrict Single Sign-On domains (optional field): it is possible to restrict Single Sign-On to specific domains or include all domains. Specific domains can be included or excluded depending on the use case.
- Enter the domain name without the @ sign, for example: enter gmail.com and NOT @gmail.com
- Once finished, press "Connect"
- Test by opening an incognito browser window and trying to sign in.
Tip: When testing, stay logged in to your Eletive account in a separate tab. This way you can simply remove or reconfigure the SSO connection if needed.
Frequently asked questions
- How is the authentication made?
In short: The authentication is made by matching users between Eletive and the IdP based on email address.
The Eletive email needs to match the email provided from the IdP.
In most cases, the default IdP configuration is sufficient and no additional setup is required. If the IdP uses a different claim for the user's email, the Email field setting can be configured to specify which id_token claim should be used. Regardless of which claim is selected, the resolved email value must still match the email registered in Eletive for the user to authenticate successfully.
- How to configure multi-tenant SSO in Eletive?
For each SSO tenant connection made, configure "Restrict Single Sign-On domains" to include/exclude the appropriate domain(s).
- Is it possible to configure a custom redirect URL/URI rather than the login page?
No, this is not possible. Tip: to make the login experience as seamless as possible, check the "Remember me" checkbox/feature both on the Eletive login page and in the SSO client.
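A pre-flight check for the "Email field" and "Restrict Single Sign-On domains" settings described above, as an added example that is not Eletive's code: it decodes a constructed id_token for inspection only, reports which claim carries the email, and applies the domain rule and the email match. The function names, the mode names all/include/exclude, the sample token and the case-insensitive comparison are assumptions.

```python
import base64
import json

def decode_id_token_claims(id_token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified here."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token must have three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def normalize_domain(entry: str) -> str:
    """Domains are entered without the @ sign; tolerate a stray one and mixed case."""
    return entry.strip().lstrip("@").lower()

def domain_allowed(email: str, mode: str, domains: list) -> bool:
    """mode is 'all', 'include' or 'exclude' (hypothetical names for the three cases)."""
    if mode == "all":
        return True
    domain = email.rsplit("@", 1)[-1].lower()
    listed = domain in {normalize_domain(d) for d in domains}
    return listed if mode == "include" else not listed

def preflight(id_token, email_claim, registered_emails, mode="all", domains=()):
    """Return (ok, reason) for one sign-in, following the matching rule on this page."""
    claims = decode_id_token_claims(id_token)
    value = claims.get(email_claim)
    if not isinstance(value, str) or "@" not in value:
        found = sorted(k for k, v in claims.items() if isinstance(v, str) and "@" in v)
        return False, f"claim '{email_claim}' holds no email; candidate claims: {found}"
    if not domain_allowed(value, mode, list(domains)):
        return False, f"domain of {value} is not covered by this SSO connection"
    # Assumption: case-insensitive comparison; the page only says the emails must match.
    if value.lower() not in {e.lower() for e in registered_emails}:
        return False, f"{value} does not match any registered user email"
    return True, f"{value} matches a registered user"

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"

# Constructed sample: this IdP puts the address in preferred_username, not email.
SAMPLE = make_sample_token({"sub": "1234", "preferred_username": "Anna@example.com"})

if __name__ == "__main__":
    print(preflight(SAMPLE, "email", ["anna@example.com"]))
    print(preflight(SAMPLE, "preferred_username", ["anna@example.com"], "include", ["example.com"]))
```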