This guide will help you set up Single Sign-On with Entra.
Steps in the setup:
Step 1: Configure Entra ID application
- Create a new Azure Active Directory tenant if you don’t own one already.
- Click App registrations > Register an application.
- Make a note of your Application (client) ID and Directory (tenant) ID values. If you have set up a client secret for the newly created client ID, please make a note of that also.
- In the Redirect URI field, enter the callback path:
https://account.nshiftportal.com/idp/federation/sample-name/signin
- Under Settings, fill in the Logout URL:
https://account.nshiftportal.com/idp/federation/sample-name/signout
Notes:
- The URLs used in the image are samples only.
- sample-name should be the Scheme name from the Step 2 form. Scheme cannot be changed, so please give it a meaningful name.
- Check the ID tokens checkbox.
- Configure Permissions. Please ensure that you have properly configured the permissions for the nShift application in Entra ID. Add the following permissions:
Step 2: nShift Portal setup
- Log in to nShift Portal and go to Settings > Company Management > Single Sign-On (SSO).
- Select a provider from the drop-down list.
- Fill in the additional fields that appear, depending on the selected provider. The required information varies from provider to provider. Important note: If your provider uses a Scheme name, this cannot be changed, so you must pick a relevant name the first time you configure SSO. See notes below.
- Click Save.
- Go to Settings > Company Management > Customer Users.
- Select the user that you want to enable Single Sign-On for.
- Select the external provider from the SSO External Provider drop-down and click Save.
Notes:
- Client Id and Client secret are the values saved earlier when creating the app registration.
- Scheme is the name used in the redirect URIs.
- Valid issuer has the following pattern:
https://sts.windows.net/{TENANT_ID}
TENANT_ID can be found in the overview section of the App registration.
- Authority URL can be found in the endpoint section of the App registration.
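
A pre-flight check of the values from Step 1 and Step 2, added here as an example (it is not nShift or Microsoft code): it derives the redirect URI, logout URL and valid issuer from the Scheme and tenant ID, and reports every field that does not match before the unchangeable Scheme is saved. The function names, the Scheme character rule and the sample tenant ID are assumptions.

```python
import re
import uuid

# Base path taken from the callback and logout URLs shown in this guide.
BASE = "https://account.nshiftportal.com/idp/federation"


def expected_values(scheme, tenant_id):
    """Derive the three values that must agree between Entra and nShift Portal."""
    return {
        "redirect_uri": f"{BASE}/{scheme}/signin",
        "logout_url": f"{BASE}/{scheme}/signout",
        "valid_issuer": f"https://sts.windows.net/{tenant_id}",
    }


def preflight(scheme, tenant_id, redirect_uri, logout_url, valid_issuer):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    # Assumption: the Scheme is used as a URL path segment, so keep it to
    # letters, digits and hyphens. The portal's real rule may differ.
    if not re.fullmatch(r"[A-Za-z0-9-]+", scheme):
        problems.append(f"scheme: {scheme!r} is not a plain URL path segment")
    # Directory (tenant) ID must be a GUID in canonical hyphenated form.
    try:
        if str(uuid.UUID(tenant_id)) != tenant_id.lower():
            raise ValueError
    except ValueError:
        problems.append(f"tenant_id: {tenant_id!r} is not a GUID")
    entered = {"redirect_uri": redirect_uri, "logout_url": logout_url,
               "valid_issuer": valid_issuer}
    # Compare exactly (case and trailing slashes included) against the
    # patterns as written in this guide.
    for field, want in expected_values(scheme, tenant_id).items():
        if entered[field] != want:
            problems.append(f"{field}: got {entered[field]!r}, expected {want!r}")
    return problems


if __name__ == "__main__":
    tenant = "11111111-2222-3333-4444-555555555555"  # constructed sample value
    for line in preflight(
        "contoso-sso", tenant,
        f"{BASE}/Contoso-SSO/signin",           # Scheme typed with different case
        f"{BASE}/contoso-sso/signout",
        "https://sts.windows.net/{TENANT_ID}",  # placeholder left unreplaced
    ):
        print(line)
```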