Setup standard Single Sign On with MS Entra ID

Enable standard SSO with MS Entra ID

In the environment, in the Ultimo Configuration Tool, go to the AET on "application" level. Search for "Microsoft." Enable "Allow Microsoft Authentication."

When enabled, on the login page a new button will appear to login with Microsoft.

Add new users

In Ultimo in the UCT>User manager you can add new users. Fill in the mandatory field. You can ignore the password and authentication fields. When the user receives the activation email, based on what is allowed in the Ultimo application, they decide for themselves how to log in and which fields to fill in. After you add the user, activate the account. Automatically, the user will receive an activation email with the required information.

Reset existing users and invite them

All existing users log in with a different method. Either 'forms' or 'custom SSO'. To let them login with this new method you can reset the login method in the user manager. This can be done per user or via multiple select in a batch. Use optional filtering to determine the correct selection.

All activated users will receive an activation link. It is possible to reset inactive users but they wont receive an activation link.

If the link has expired, you can send a new invite by clicking the envelope icon in the user manager.

Activation link

The user shares the account information with the Ultimo app when using the activation link, as shown in the dialog below. Our app is verified by Microsoft and is a trusted app.

Once the user links his organisation account with Ultimo, the activation step is finished, and from now on, the user can log in using the login button on the login page.

Provisioning

Our standard SSO method is only applicable when using MS Entra ID. It is pure authentication. Although it is possible to maintain users manually, we advise SCIM to have user provisioning in place.