All Collections
Single Sign-On (SSO)
SSO Configuration - Microsoft Entra ID / Office 365
SSO Configuration - Microsoft Entra ID / Office 365

Specific information about configuring SSO for Microsoft Entra ID / Office 365.

Team Skedda avatar
Written by Team Skedda
Updated over a week ago

This article is a supplement to our main article on SSO (please read that first for context).

Skedda has a published/official integration with Microsoft Entra ID (previously called Microsoft Azure Active Directory / Azure AD) / Office 365. You can find Microsoft's detailed guide for the Skedda integration here. Use the Microsoft guide as your main reference while you're reviewing the steps and screenshots below.

Step 1: Add a new application

From your ‘Enterprise applications’ page, in your ‘Default Directory’, select ‘New Application’, to begin the configuration process.

Step 2: Search for, and create, your Skedda app

In the Microsoft Entra ID Gallery, search for Skedda, and then select ‘Create’ in order to add the Skedda app to your Directory.

Step 3: Select ‘Set up single sign-on’, and choose the SAML sign-on method

In the ‘Properties’ page, select ‘Set up single sign-on’:

Then, after that, select the ‘SAML’ sign-on method’:

Step 4: Configure the ‘Relay State’ value in Microsoft Entra ID

Click on the ‘Edit’ option for the ‘Basic SAML Configuration’ section on the setup page, as shown in the screenshot above. From here, you need to paste the ‘Relay State’ value, found in your Skedda SSO settings page, into the ‘Relay State’ field in Microsoft Entra ID.

You’ll find the ‘Relay State’ value in your Skedda SSO settings as shown in the screenshot below:

Step 5: Provide Skedda with your relevant IdP details

Next, copy/download the information, shown in the screenshot above, and paste it into the relevant fields on your Skedda SSO settings page. The table below shows where you should paste each value from Microsoft Entra ID, into Skedda.

Value in Microsoft Entra ID:

Corresponding field in Skedda:

Microsoft Entra ID Identifer

Identity Provider Entity ID

Login URL

Identity Provider Login URL

Certificate (Base64)

Identity Provider Certificate Public Key

Once you’ve downloaded your ‘Certificate (Base64)’ file, you can use a text editor to open the file and access the Base64 as text for pasting into your Skedda SSO settings page. Please also note that there may be "wrapping" text in the file exported from Microsoft Entra ID (similar to "BEGIN HERE" and "END HERE") - this wrapping text should NOT be pasted into the Skedda side (i.e. only paste the "body" Base64 characters).

Step 6: Configure ‘User Attributes & Claims’ mapping

Additional note about Step 6 and the user.mail value

For most setups, the default configuration as seen in Microsoft Entra will be fine - there will be no need to touch these claims and you can leave them as they are.

However, if your organization has not configured the "user.mail" value to pass any information to the "/email address" claim, here are the instructions you can follow.

The final step requires that you configure the relevant attribute mappings in Microsoft Entra ID, in order to provide Skedda with the required details in order to complete authentication via SSO. Click on the ‘Edit’ option, as shown in the screenshot above, to access your ‘User Attributes & Claims’ settings.

In the 'Manage claim' page that appears, change the "Source attribute" from "user.mail" to "user.userprincipalname":

Save the changes:

Typically, you won’t need to make any changes to the ‘user.givenname’ and ‘user.surname’ values in your ‘User Attributes & Claims’ settings page, as these are configured correctly in Microsoft Entra ID by default.

However, if, for some reason, you need to configure these values, too, then the table below shows how each 'Claim name' from the Skedda side should be matched up with its appropriate 'Value', in Microsoft Entra ID.

Bonus Tipp: If you're using Attribute Rules to auto-tag users on Skedda when they first log in, and you want this behavior to be based on "Group" memberships in Azure, then you can use the "Add a group claim" button to achieve this (see screenshot below):

Step 7: Setup Complete!

Finally, review the "Properties" page for the app. Choose "No" for "User assignment required?" if you wish to allow all users in your Microsoft Entra ID to access the app. Otherwise, if you choose "Yes" here, you need to explicitly add users and groups to the "Users and Groups" page, otherwise, nobody will have access to the app. Additionally, the "Visible to users?" item controls whether or not the app is displayed in the O365 dashboard app launcher for users who have access.

Once that’s completed, you’re all set to begin testing!

Walkthrough video

If you’d like to set your SSO integration while following along with a video walkthrough, take a look at the video below to get going!

If you're having trouble getting SSO to work after setting it up, take a look at our SSO Troubleshooting article!

Please also feel free to reach out to our support team if you have any questions or issues in the setup process.

Did this answer your question?