This article is a supplement to our main article on SSO (please read that first for context).
Skedda has a published/official integration with Microsoft Entra ID (previously called Microsoft Azure Active Directory / Azure AD) / Office 365. You can find Microsoft's detailed guide for the Skedda integration here. Use the Microsoft guide as your main reference while you're reviewing the steps and screenshots below.
A full video walkthrough of the setup process is also available below:
Step 1: Add new application
From your ‘Enterprise applications’ page, in your ‘Default Directory’, select ‘New Application’, to begin the configuration process.
Step 2: Search for, and create, your Skedda-app
In the Microsoft Entra ID Gallery, search for Skedda, and then select ‘Create’ in order to add the Skedda-app into your Directory.
Step 3: Select ‘Set up single sign on’, and choose the SAML sign-on method
In the ‘Properties’ page, select ‘Set up single sign on’:
Then, after that, select the ‘SAML’ sign-on method’:
Step 4: Configure the ‘Relay State’ value in Microsoft Entra ID
Click on the ‘Edit’ option for the ‘Basic SAML Configuration’ section on the setup page, as shown in the screenshot above. From here, you need to paste the ‘Relay State’ value, found in your Skedda SSO settings page, into the ‘Relay State’ field in Microsoft Entra ID.
You’ll find the ‘Relay State’ value in your Skedda SSO settings as shown in the screenshot below:
Step 5: Provide Skedda with your relevant IdP details
Next, copy/download the information, shown in the screenshot above, and paste it into the relevant fields in your Skedda SSO settings page. The table below shows where you should paste each value from Microsoft Entra ID, into Skedda.
Value in Microsoft Entra ID:
Corresponding field in Skedda:
Microsoft Entra ID Identifer
Identity Provider Entity ID
Identity Provider Login URL
Identity Provider Certificate Public Key
Once you’ve downloaded your ‘Certificate (Base64)’ file, you can use a text editor to open the file and access the Base64 as text for pasting into your Skedda SSO settings page. Please also note that there may be "wrapping" text in the file exported from Microsoft Entra ID (similar to "BEGIN HERE" and "END HERE") - this wrapping text should NOT be pasted into the Skedda side (i.e. only paste the "body" Base64 characters).
Step 6: Configure ‘User Attributes & Claims’ mapping
Additional note about Step 6 and the user.mail value
This section (Step 6) assumes that, as with many of our customers, your organization has not configured the "user.mail" value to pass any information to the "/emailaddress" claim, hence our instruction to map user.userprincipalname to it.
In most cases this is true, and then you should follow the instructions included here. However, if you are the System Admin for your organization and are confident that the "user.mail" value will pass the email addresses of your users to Skedda, you can keep this claim configured as such.
The final step requires that you configure the relevant attribute mappings in Microsoft Entra ID, in order to provide Skedda with the required details in order to complete authentication via SSO. Click on the ‘Edit’ option, as shown in the screenshot above, to access your ‘User Attributes & Claims’ settings.
From here, first remove the 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name' claim:
Then, click into the ‘http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress’ claim:
In the 'Manage claim' page that appears, change the "Source attribute" from "user.mail" to "user.userprincipalname":
Save the changes:
Typically, you won’t need to make any changes to the ‘user.givenname’ and ‘user.surname’ values in your ‘User Attributes & Claims’ settings page, as these are configured correctly in Microsoft Entra ID by default.
However, if, for some reason, you need to configure these values, too, then the table below shows how each 'Claim name' from the Skedda side should be matched up with its appropriate 'Value', in Microsoft Entra ID.
Microsoft Entra ID ‘Value’:
Step 7: Setup Complete!
Finally, review the "Properties" page for the app. Choose "No" for "User assignment required?" if you wish to allow all users in your Microsoft Entra ID to access the app. Otherwise, if you choose "Yes" here, you need to explicitly add users and groups to the "Users and Groups" page, otherwise nobody will have access to the app. Additionally, the "Visible to users?" item controls whether or not the app is displayed in the O365 dashboard app launcher for users who have access.
Once that’s completed, you’re all set to begin testing!
If you’d like to set your SSO integration while following along with a video walkthrough, take a look at the video below to get going!
If you're having trouble getting SSO to work after setting it up, take a look at our SSO Troubleshooting article!
Please also feel free to reach out to our support team if you have any questions or issues in the setup process.