Single sign-on (SSO) is an authentication method that allows users to log in with a single ID to multiple related but independent software systems. We support the following identity providers (IDP):
- EntraId (formerly Azure Active Directory). For EntraId, we have an app in Entra Gallery.
- nShiftMarketplace
- Ping Identity
- Okta
- OpenID - generic OpenId provider
General considerations
- SSO can be activated by any user who has the SSO Configuration functionality enabled. Initially, only the Portal Owner user has this functionality.
- SSO can be enabled per user.
- All usernames must be identical to active users in the customer's Identity provider (IDP).
- With SSO enabled, users enter their username and are redirected to the customer's identity server to sign in, without using a password on the nShift Portal.
- If you choose to use OpenId, EntraID, Ping or Okta, make sure the redirect URIs follow this format:
  - The redirect URI would be https://account.nshiftportal.com/idp/federation/sample-name/signin
  - The post logout redirect URI would be https://account.nshiftportal.com/idp/federation/sample-name/signout-callback
  - The front channel logout URI would be https://account.nshiftportal.com/idp/federation/sample-name/signout
  - sample-name should also be the Scheme name from the form
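A check for the URI format above, as an added example that is not nShift's own code: it builds the three URIs for a Scheme name and reports why each value registered at the identity provider differs. The function names, the Scheme name contoso-sso and the sample values are assumptions made for illustration, as is the premise that the registered value must match the documented format character for character.

```python
from urllib.parse import urlsplit

BASE = "https://account.nshiftportal.com/idp/federation"
# Path endings from the format documented above.
ENDINGS = {
    "redirect_uri": "signin",
    "post_logout_redirect_uri": "signout-callback",
    "front_channel_logout_uri": "signout",
}

def expected_uris(scheme_name):
    """Build the three URIs the format prescribes for a Scheme name."""
    return {k: f"{BASE}/{scheme_name}/{end}" for k, end in ENDINGS.items()}

def explain(got, want):
    """Say why a registered URI differs from the expected one."""
    g, w = urlsplit(got), urlsplit(want)
    if g.scheme != "https":
        return f"scheme is {g.scheme!r}, expected 'https'"
    if g.netloc.lower() != w.netloc:
        return f"unexpected host {g.netloc!r}"
    if g.query or g.fragment:
        return "has a query string or fragment the format does not include"
    if got.lower() == want.lower():
        return "letter case differs from the Scheme name or path"
    if g.path.rstrip("/") == w.path:
        return "trailing slash is not part of the format"
    return f"path {g.path!r} does not match {w.path!r}"

def check_registration(scheme_name, registered):
    """Return one finding per URI that is missing or not an exact match."""
    findings = []
    for key, want in expected_uris(scheme_name).items():
        got = registered.get(key)
        if got is None:
            findings.append(f"{key}: missing, expected {want}")
        elif got != want:
            findings.append(f"{key}: {explain(got, want)}")
    return findings

# Constructed sample: values as they might be copied from an IdP app registration.
SAMPLE = {
    "redirect_uri": "https://account.nshiftportal.com/idp/federation/contoso-sso/signin/",
    "post_logout_redirect_uri": "https://account.nshiftportal.com/idp/federation/Contoso-SSO/signout-callback",
}

if __name__ == "__main__":
    for finding in check_registration("contoso-sso", SAMPLE):
        print(finding)
```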
Important information about Microsoft EntraID (Azure AD) and nShiftMarketplace
The Entra user (original user) needs Azure admin rights to add applications from the Entra Gallery. If this user is deleted after integration, a new user from the customer’s Entra must be assigned as the owner and linked to the installation. Both the original and new owner users require manual SSO setup. Once the owner is set, any additional users added through the UI will automatically have SSO configured.
We recommend creating two users in the customer's Entra: one as the owner and another for Entra Gallery integration. First, set up the owner with a username and password, then add the integration user under the owner as SSO (manual setup). After integration, switch the owner to SSO (manual setup) and add all other users, who will automatically be set as SSO.
How to activate SSO
- Log in to nShift Portal and go to Settings > Company Management > Single Sign-On (SSO).
- Select a provider from the drop-down list.
- Fill in the additional fields that appear for the selected provider. The required information varies from provider to provider. Important note: If your provider uses a Scheme name, this cannot be changed, so you must pick a relevant name the first time you configure SSO.
- Click Save.
- Go to Settings > Company Management > Customer Users.
- Select the user that you want to enable Single Sign-On for.
- Go to the General tab, select the external provider from the dropdown, and click Save.
Resources
- nShift guide: Single Sign-On: nShift Marketplace
- nShift guide: Single Sign-On: EntraID
- Guide by Microsoft: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal