Search

Microsoft Entra Single Sign-On (SSO) Integration Guide

Gretchen
Gretchen
  • Updated

This guide explains how to set up Microsoft Entra Single Sign-On (SSO)—formerly Azure SSO—so your users can access Emtrain with their existing login credentials, rather than a separate login process.

Requirements

To integrate Emtrain with Microsoft Entra SSO you must have:

  • An active Emtrain account.
  • A unique email address for every user.
  • A Microsoft Entra account with a Microsoft Entra ID tenant.
  • All of your users must have a valid email address in Microsoft Entra ID.
  • Each of your users’ email addresses in Emtrain must match their primary Microsoft Entra ID email address.
  • The API Key for your account: Obtain your API key by navigating to Site Config from the Manage Menu. Select the Integrations tab and then the option to Enable SSO.

Each of your users’ email addresses in Emtrain must match their primary email address in Microsoft Entra.  

Once you save the integration, username and password authentication will be disabled on your Emtrain account. This means that when you or your team members go to access your Emtrain account, you'll be redirected to complete the SSO authentication process instead of entering a username and password. This change happens immediately after you complete the integration setup, so make sure your team is prepared for the new login process.

Microsoft Entra SSO Configuration

  1. Log into the Microsoft Entra management console and select the Microsoft Entra ID service (formerly Microsoft Azure Active Directory).
    Azure-step1.png
  2. Select the appropriate Microsoft Entra ID tenant and select the Enterprise Applications option in the Manage sidebar.
    Azure-step2.png
  3. Select New Application.
    Azure-step3.png
  4. In the Microsoft Entra ID Gallery Preview section, select Create your own application.
    Azure-step4.png
  5. Enter the name of the application and select the “Integrate any other application you don’t find in the gallery.” Select Create.
    Azure-step5.png
  6. When prompted to select a Single Sign-On method, choose SAML.
    Azure-step6.png
  7. In section 1, Basic SAML Configuration, enter the Identifier URL, Reply URL, and Relay State URL. You will need to construct these URLs by replacing the bracketed portions in the template URLs (below) with your account’s specific values.
    1. Identifier URL: https://yourcompany.app.emtrain.com/home
    2. Reply URL: https://yourcompany.ai-api.emtrain.com/authentication/saml?API_KEY=[account API Key]
    3. Relay State: https://yourcompany.app.emtrain.com/saml
      Azure-step7.png
  8. Select Save after you have entered the basic SAML parameters.
  9. In section 2, User Attributes and Claims, select Edit.
    Azure-step9.png
  10. Create the following attributes exactly as shown—attribute names are case-sensitive:
    1. Name: API_KEY
      Source Attribute: Your accounts API key
    2. Name: Email
      Source Attribute: user.email
    3. Name: FirstName
      Source Attribute: user.firstName
    4. Name: LastName
      Source Attribute: user.lastName
      Azure-step10-1.png 
      The final list of user attributes should look like this:
      Azure-step10-2.png
  11. Download the Base64 certificate from the SAML Signing Certificate.
    Azure-step11.png
  12. Select Properties from the Manage sidebar, then copy the User Access URL, which is needed to complete the setup on your Emtrain account. Save this URL for the next steps in the process. Upload an Emtrain logo in the Logo section while you are on the Properties page.
    Azure-step12.png

Emtrain Configuration

After you have completed your Microsoft Entra SSO configurations, take these steps to connect Emtrain:

  1. Log into your Emtrain account.
  2. Navigate to Site Config via Manage and select the Integrations tab.
  3. Select to Enable SSO, choose Microsoft Entra from the Provider dropdown menu.
  4. Open the Microsoft Entra Base64 certificate in a text editor and copy and paste the certificate body into the SSO X.509 Certificate field. Include only the certificate values. Do not include the “Begin” and “End” content: ---BEGIN CERTIFICATE--- and ---END CERTIFICATE---
  5. Paste the Microsoft Entra User Access URL into the SSO Entry Point field.
  6. Optionally, if you wish to redirect your users to a specific URL when they log out of Emtrain, enter that URL in the SSO Logout Redirect URL text field. If this field is left blank, users will be redirected to an Emtrain Logged Out page upon logging out.
  7. Select the Save button to finalize the integration.
    manage-azure-ssoconfig.png
  8. The Microsoft Entra SSO integration is now configured.

Visiting your account’s subdomain will redirect users to the User Access URL and authenticate them via SAML.

We offer Just-in-Time (JIT) provisioning, which works with SSO. This enables automatic user profile creation the first time a user logs into Emtrain via SSO. Learn about Just-in-Time Provisioning with SSO.

How Users Log into Emtrain

Be sure to assign the Emtrain app to all users via Microsoft Entra SSO. We recommend working with your IT team to assign access just before you deploy training (for example, fewer than 12 hours prior) to prevent users from exploring Emtrain too soon.

Users signed into your SSO can access Emtrain in these ways:

  • Through the Emtrain tile in your Single Sign-On access panel.
  • Via links in notification emails.
  • From your account URL.

If a user isn’t yet signed into SSO, they’ll be redirected to your SSO login.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request