SSO: Entra ID

Overview of SSO using Microsoft Entra and setup instructions.

Written By Mikko Karjalainen

Last updated 10 months ago

Overview

Operating supports SSO with Entra as the identity provider. At a high level, the integration works like this:

  1. After Operating is set up to use Entra for SSO, access control is handled on the Entra side. If a user is assigned to the Entra application, they will be able to log in to Operating.

  2. User accounts in Operating are provisioned just-in-time when a user logs in through the SSO connection.

    1. New users will be given the default permission set configured in https://use.operating.app/settings/permissions

    2. If a Person exists in Operating with the same email as the new user, we will associate the newly logged-in user with that Person.

  3. Users lose access to Operating after their assignment to the Entra application has been removed.

Contact us at support@operating.app if you want to set up Entra SSO for your tenant.

Setup instructions

Step 1: Create an App Registration for Operating in Entra

  1. Navigate to App Registrations in Entra and create a new App Registration

  2. Name: E.g. “Operating”

  3. Supported account types: Accounts in this organizational directory only

  4. Redirect URI

    1. Platform: Web

    2. Redirect URI: https://auth.operating.app/login/callback

  5. Click Register

After the app registration is created, copy down the Application (client) ID from the Overview page. You will need it later.

Step 2: Create a client secret for the App Registration you created

  1. Navigate to Manage / Certificates & Secrets for the registered App

  2. Create a new client secret

  3. Copy down the value of the client secret. You will need it later.

Step 3: Define assignments to the Enterprise Application

By default, anyone in your Entra tenant will be able to log in to Operating after the connection is activated. If you want to limit which users are able to log in to Operating, you must configure the created Enterprise Application to require assignment.

You can do this under the Enterprise Application for Operating, not under the App Registration configuration from steps 1 and 2. This Enterprise Application is created automatically when you create an App Registration.

To set up assignments, do the following:

  1. Under Manage / Properties, set Assignment required to Yes.

  2. Under Manage / Users and groups, assign the correct groups and/or users to the Enterprise Application.
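The settings from Steps 1 to 3 can be checked before any details are handed over. The following is an added example, not part of Operating's documentation or tooling: it audits the `application` and `servicePrincipal` objects as Microsoft Graph returns them (`GET /applications`, `GET /servicePrincipals`). The function names, finding codes and sample objects are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

REDIRECT_URI = "https://auth.operating.app/login/callback"  # value from Step 1

def parse_graph_time(value):
    # Graph timestamps are UTC and may carry 7 fractional digits; keep whole seconds.
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit(app, sp, now, warn_days=30):
    """Return finding codes (hypothetical names) for one application/servicePrincipal pair."""
    findings = []
    if sp.get("appId") != app.get("appId"):
        findings.append("SP_MISMATCH")              # not the Enterprise Application of this registration
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("NOT_SINGLE_TENANT")        # Step 1: this organizational directory only
    uris = (app.get("web") or {}).get("redirectUris", [])
    if REDIRECT_URI not in uris:
        findings.append("REDIRECT_MISSING")
    if any(u != REDIRECT_URI for u in uris):
        findings.append("REDIRECT_EXTRA")           # reply URLs other than the documented callback
    if sp.get("appRoleAssignmentRequired") is not True:
        findings.append("ASSIGNMENT_NOT_REQUIRED")  # Step 3: everyone in the tenant can log in
    for cred in app.get("passwordCredentials", []):
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            findings.append("SECRET_EXPIRED")
        elif end - now <= timedelta(days=warn_days):
            findings.append("SECRET_EXPIRING")
    return findings

# Constructed sample data: placeholder IDs and dates, not taken from a real tenant.
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)
APP_ID = "00000000-0000-0000-0000-000000000001"
WEAK_APP = {"appId": APP_ID, "signInAudience": "AzureADMultipleOrgs",
            "web": {"redirectUris": [REDIRECT_URI, "http://localhost:3000/callback"]},
            "passwordCredentials": [{"endDateTime": "2025-01-30T00:00:00.0000000Z"}]}
WEAK_SP = {"appId": APP_ID, "appRoleAssignmentRequired": False}
GOOD_APP = {"appId": APP_ID, "signInAudience": "AzureADMyOrg",
            "web": {"redirectUris": [REDIRECT_URI]},
            "passwordCredentials": [{"endDateTime": "2026-01-01T00:00:00Z"}]}
GOOD_SP = {"appId": APP_ID, "appRoleAssignmentRequired": True}

if __name__ == "__main__":
    print("weak:", audit(WEAK_APP, WEAK_SP, NOW))
    print("good:", audit(GOOD_APP, GOOD_SP, NOW))
```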

Step 4: Contact us at support@operating.app

After you have created the application, contact us at support@operating.app to organise a safe delivery of the client secret and other information.

You will need to provide us with the following:

  1. Application (client) ID

  2. Client secret

  3. Your Entra Primary domain. This can be found on the overview page of Entra.

After you have provided this information, we will configure the SSO connection on our side.

Once SSO has also been configured on our side, an Entra admin has to log in to Operating once to accept the sharing of data from Entra to Operating. After this, you are good to go.