Set up standard Single Sign On with MS Entra ID

This page describes how to enable standard SSO without implementation, and the points of attention regarding user management.

Enable standard SSO with MS Entra ID

In the environment, in the Ultimo Configuration Tool, go to the AET on "application" level. Search for "Microsoft". Enable "Allow Microsoft Authentication".

Example of enabled setting

When enabled, a new button appears on the login page to log in with Microsoft.

Only active user accounts that receive an activation link can actually log in using this new button.

Reset/invite users

All existing users log in with a different method, either 'forms' or 'custom SSO'. To let them log in with this new method, you can reset the login method in the user manager. This can be done per user or in a batch via multiple select. Use optional filtering to determine the correct selection.

All activated users will receive an activation link. It is possible to reset inactive users, but they won't receive an activation link.

Example of the user manager with the reset button pressed
Example of the activation email

If the link has expired, you can send a new invite by clicking the envelope icon in the user manager.

The user shares the account information with the Ultimo app when using the activation link, as shown in the dialog below. Our app is verified by Microsoft and is a trusted app.

Permission requested by IFS Ultimo app

In some organisations, the app needs to be approved by the IT department.

Once the user links his organisation account with Ultimo, the activation step is finished, and from now on, the user can log in using the login button on the login page.

Authentication is done at your organisation's identity provider. When enabled, multi-factor authentication is applied.

Provisioning

Our standard SSO method is only applicable when using MS Entra ID. It is pure authentication. Although it is possible to maintain users manually, we advise using SCIM to have user provisioning in place.
