Single Sign-On (SSO) with Microsoft Entra ID (formerly Microsoft Azure Active Directory)
This article outlines how to configure Single Sign-On with Microsoft Azure Active Directory.
Target audience: Administrators, Superusers, Developers
General documentation regarding SSO can be found here: Single Sign-On (SSO)
Eletive has an app in the Azure Marketplace that should be used by following the step-by-step guide below.
Prerequisites
- Access to integration settings in Eletive
- Appropriate Access Rights in Azure
Configuration steps
In Eletive
- Navigate to Settings / Features in the left sidebar and enable the feature "Single Sign-On".
- Now navigate to Settings / Integrations and click on "Single Sign-On"
- In the "Choose provider" dropdown, select "Microsoft Azure AD (OpenID)"
- Press "Connect"
- A Microsoft authentication process is shown, select the appropriate account and authenticate
- After the authentication is done, a Microsoft consent screen for the organization is shown, which needs to be accepted
- After a redirect, you should be back in Eletive. Now the connection has been made and everything should work. The app has been added to Microsoft Entra ID automatically.
- There are additional optional settings that can be applied in Eletive:
  - Email field: specifies which field of the id_token is used for authentication. Note that the emails of Eletive users need to match the email in that id_token field.
  - Restrict Single Sign-On domains: restricts SSO to certain domains if not all domains should be included. Specific domains can be included or excluded depending on the use case. By default, there is no domain restriction.
    - Enter the domain name without the @ sign, for example: enter gmail.com and NOT @gmail.com
- Test it by opening an incognito browser window and trying to sign in to Eletive
  - This time Microsoft should be used for authentication. Note that if you are already signed in to your Microsoft account in the browser, no password will be needed.
Note: The same account email will need to be used in Eletive and Microsoft for it to work. By default, if "preferred username" (UPN) is an email, that address will be used instead of the "email" (Mail) field.
Common pitfall: UPN and Mail in Entra ID are not the same, e.g., UPN is used for authentication and Mail for communication. This results in SSO authentication failing.
In such a case, use the "Email field" setting and insert "email" so that it is used instead of "preferred username".
Tip: When testing, stay logged in to your Eletive account in a separate tab. This way you can simply remove or reconfigure the SSO connection if needed.
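For troubleshooting the UPN/Mail pitfall above, the following added example (not Eletive's own code) models the selection rule described in the note and reports which address from an id_token would be compared with the Eletive user email. The claim names `preferred_username` and `email`, the case-insensitive comparison, all function names and the sample token are assumptions made for illustration.

```python
import base64
import json

def decode_claims(id_token: str) -> dict:
    """Decode a JWT payload for troubleshooting only: the signature is NOT
    verified, so never base an authentication decision on this output."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def looks_like_email(value) -> bool:
    if not isinstance(value, str) or value.count("@") != 1:
        return False
    local, domain = value.split("@")
    return bool(local) and "." in domain

def select_address(claims: dict, email_field: str = ""):
    """Model of the rule on this page: a configured "Email field" wins;
    otherwise preferred_username (UPN) is used when it is an email,
    else the email (Mail) claim."""
    if email_field:
        return email_field, claims.get(email_field)
    upn = claims.get("preferred_username")
    if looks_like_email(upn):
        return "preferred_username", upn
    return "email", claims.get("email")

def diagnose(id_token: str, eletive_email: str, email_field: str = "") -> dict:
    claim, value = select_address(decode_claims(id_token), email_field)
    # Assumption: addresses are compared case-insensitively.
    matches = isinstance(value, str) and value.lower() == eletive_email.lower()
    return {"claim": claim, "value": value, "matches": matches}

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(claims)}.constructed-signature"

# Constructed sample: UPN and Mail differ, as in the pitfall above.
SAMPLE = make_sample_token({
    "preferred_username": "jdoe@corp.example.com",
    "email": "jane.doe@example.com",
})

if __name__ == "__main__":
    print(diagnose(SAMPLE, "jane.doe@example.com"))           # default: UPN is used
    print(diagnose(SAMPLE, "jane.doe@example.com", "email"))  # Email field = "email"
```

If the default run reports `preferred_username` with `matches: False` while the run with `"email"` matches, setting "Email field" to "email" is the fix described above.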
Frequently asked questions
- In Entra ID, is app assignment required for SSO?
  No, this is configurable on the Enterprise application in Entra ID.