Authentication
      Back to home
      1. Help Center
      2. Organization
      3. Authentication

      Single Sign-On (SSO) with Microsoft Entra ID (formerly Microsoft Azure Active Directory)

      This article outlines how to configure Single Sign-On with Microsoft Azure Active Directory.

      General documentation regarding SSO can be found here: Single Sign-On (SSO)

      Eletive has an app in the Azure Marketplcae that should be used by following the step-by-step guide below.

      Prerequisites

      • Access to integration settings in Eletive
      • Appropriate Access Rights in Azure

      Also, note that Internet Explorer should NOT be used, use a modern and secure browser like Chrome.

      In Eletive

      • Start by navigating to "Setting -> Integrations" in Eletive
      • Select "Single Sign-On"
        • If it is not present, it needs to be activated in the features panel
        • Navigate to "Settings ->Features" activate "Integrations" and "Single Sign-On". After this Integrations will be visible under "Settings"  
      • In the "Choose provider" dropdown, select "Microsoft Azure AD (OpenID)"
      • Press "Connect"
      • A Microsoft authentication process is shown, select the appropriate account and authenticate
      • After the authentication is done, a Microsoft content screen for the organization is shown which needs to be accepted
      • After a redirect, you should be back in Eletive. Now the connection has been made and everything should work. The app has been added to Microsoft Entra ID (formerly Azure Active Directory) automatically.
      • There are additional optional settings that can be applied in Eletive: 
        • Email field: it is possible to specify which field the id_token to use for authentication. Note that emails for Eletive users need to match email in the id_token field. 
        • Restrict Single Sign-On domains: Restrict different domains for SSO if all domains should not be included. Specific domains can be included or excluded depending on the use case. By default, there is no domain restriction. 
      • Test it by opening an incognito browser window and try to sign in to Eletive
        • This time Microsoft should be used for authentication. Note that if you are already signed in to your Microsoft account in the browser no password will be needed.
        • Note: The same account email will need to be used in Eletive and Microsoft for it to work. By default, if "preferred username" is an email that address will be used instead of the "email" field. 

      Tip: When testing, stay logged in to your Eletive account in a separate tab, this way you can simply remove or reconfigure the SSO connection if needed when testing.