This article is a supplement to our main article on SSO (please read that first for context).
Skedda has a published/official integration with Microsoft Entra ID (previously called Microsoft Azure Active Directory / Azure AD) / Office 365. You can find Microsoft's detailed guide for the Skedda integration here. Use the Microsoft guide as your main reference while you're reviewing the steps and screenshots below.
Step 1: Add a new application
From your ‘Enterprise applications’ page, in your ‘Default Directory’, select ‘New Application’, to begin the configuration process.
Step 2: Search for, and create, your Skedda app
In the Microsoft Entra ID Gallery, search for Skedda, and then select ‘Create’ in order to add the Skedda app to your Directory.
Step 3: Select ‘Set up single sign-on’, and choose the SAML sign-on method
In the ‘Properties’ page, select ‘Set up single sign-on’:
Then, after that, select the ‘SAML’ sign-on method’:
Step 4: Configure the ‘Relay State’ value in Microsoft Entra ID
Click on the ‘Edit’ option for the ‘Basic SAML Configuration’ section on the setup page, as shown in the screenshot above. From here, you need to paste the ‘Relay State’ value, found in your Skedda SSO settings page, into the ‘Relay State’ field in Microsoft Entra ID.
You’ll find the ‘Relay State’ value in your Skedda SSO settings as shown in the screenshot below:
Step 5: Provide Skedda with your relevant IdP details
Next, copy/download the information, shown in the screenshot above, and paste it into the relevant fields on your Skedda SSO settings page. The table below shows where you should paste each value from Microsoft Entra ID, into Skedda.
Value in Microsoft Entra ID: | Corresponding field in Skedda: |
Microsoft Entra ID Identifer | Identity Provider Entity ID |
Login URL | Identity Provider Login URL |
Certificate (Base64) | Identity Provider Certificate Public Key |
Once you’ve downloaded your ‘Certificate (Base64)’ file, you can use a text editor to open the file and access the Base64 as text for pasting into your Skedda SSO settings page. Please also note that there may be "wrapping" text in the file exported from Microsoft Entra ID (similar to "BEGIN HERE" and "END HERE") - this wrapping text should NOT be pasted into the Skedda side (i.e. only paste the "body" Base64 characters).
Step 6: Configure ‘User Attributes & Claims’ mapping
Additional note about Step 6 and the user.mail value
For most setups, the default configuration as seen in Microsoft Entra will be fine - there will be no need to touch these claims and you can leave them as they are.
However, if your organization has not configured the "user.mail" value to pass any information to the "/email address" claim, here are the instructions you can follow.
The final step requires that you configure the relevant attribute mappings in Microsoft Entra ID, in order to provide Skedda with the required details in order to complete authentication via SSO. Click on the ‘Edit’ option, as shown in the screenshot above, to access your ‘User Attributes & Claims’ settings.
From here, first remove the 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name' claim:
Then, click into the ‘http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress’ claim:
In the 'Manage claim' page that appears, change the "Source attribute" from "user.mail" to "user.userprincipalname":
Save the changes:
Typically, you won’t need to make any changes to the ‘user.givenname’ and ‘user.surname’ values in your ‘User Attributes & Claims’ settings page, as these are configured correctly in Microsoft Entra ID by default.
However, if, for some reason, you need to configure these values, too, then the table below shows how each 'Claim name' from the Skedda side should be matched up with its appropriate 'Value', in Microsoft Entra ID.
Microsoft Entra ID ‘Value’: | Claim name: |
user.userprincipalname | |
user.givenname | |
user.surname |
Bonus Tip: If you're using Attribute Rules to auto-tag users on Skedda when they first log in, and you want this behavior to be based on "Group" memberships in Azure, then you can use the "Add a group claim" button to achieve this (see screenshot below):
Example of using Attribute Rules and shortening the Claim name in Azure so it's easy to use in Skedda Attribute Rules
Step 7: Setup Complete!
Finally, review the "Properties" page for the app. Choose "No" for "User assignment required?" if you wish to allow all users in your Microsoft Entra ID to access the app. Otherwise, if you choose "Yes" here, you need to explicitly add users and groups to the "Users and Groups" page, otherwise, nobody will have access to the app. Additionally, the "Visible to users?" item controls whether or not the app is displayed in the O365 dashboard app launcher for users who have access.
Once that’s completed, you’re all set to begin testing!
Walkthrough video
If you’d like to set your SSO integration while following along with a video walkthrough, take a look at the video below to get going!
If you're having trouble getting SSO to work after setting it up, take a look at our SSO Troubleshooting article!
Please also feel free to reach out to our support team if you have any questions or issues in the setup process.