This guide walks you through configuring your Skillcast application so users can log in using OIDC-based Single Sign-on (SSO) with Entra ID as the Identity Provider. Follow the steps below to prepare your environment, connect Entra ID, test the setup and go live.
Before you start
Before beginning this setup, speak with your Customer Success Manager (CSM) and Account Manager (AM) to confirm your SSO options and any associated costs.
Preparing Skillcast for Single Sign-on
To enable SSO, your CSM first needs to prepare your Skillcast portal. This involves creating an external connection for Entra ID and linking it to your user domain.
Adding a new external connection
Note: This step is usually completed by your Skillcast Customer Success Manager, but the process is outlined here if you need to review it.
Go to Management Console > Configuration > External Connections.
Select Add new connection.
From the Type dropdown, choose Azure SSO - Skillcast app. This reveals fields you must complete:
Name: Enter a name for your SSO connection.
Domain: Select your user domain.
Tenant: Enter your Entra ID tenant value if known.
Authorised domain:
Required if you are enabling Just In Time provisioning.
Enter the email domain used in Entra ID and Skillcast (for example: mycompany.com).
Add multiple domains using commas (for example: mycompany.com,mycompany.co.uk).
Important: Leaving the Authorised domain blank when using Just In Time provisioning may result in duplicate accounts or unauthorised access.
Adding SSO connection to a user domain
This step configures which user domains must use SSO when accessing your portal URL (for example: mycompany.e-learningportal.com).
Note: Your CSM will also complete this step for you.
To configure the domain:
Go to Management Console > Configure > Domains.
Find the domain you want to configure.
Tick the box next to Default domain and select Update.
If multiple domains must use the same SSO connection, set the parent domain as default.
If your domains cannot be linked by a parent, you can tick Allow any domain later instead.
Next, configure Single Sign-on:
In the left-hand menu, select Single Sign-on.
Complete the fields:
Connection: Select your new Entra ID external connection.
Status: Set to Test.
Allow any domain: Tick this if users from any domain should be able to log in using the same portal URL.
Error page: Choose the page users will see if their login fails.
User identifier: Choose the identifier used by Entra ID (for example: EmpID or email). The attribute name must match exactly on both systems.
For email, this field can be left blank.
Just-in-time provisioning:
Use Create user account if it doesn't already exist to enable JIT.
Ensure your authorised domains are added in the external connection.
Connecting your Entra ID environment to the Skillcast application
Skillcast uses a dynamic OpenID Connect setup. When a user signs in for the first time:
An Enterprise Application is created in your Entra ID tenant.
Your Entra Administrator must review and approve the application unless user consent is allowed in your tenant.
Any employee can initiate this request, but an Entra Administrator must approve it. If the admin is available to perform registration and approval at the same time, this is ideal.
Apply to register the application in Microsoft Entra ID
To create the application in your Entra ID tenant:
Go to your test SSO link:
https://[clientID].e-learningportal.com/?testSSOReplace [clientID] with the value in your portal URL.
Once authenticated, the Microsoft wizard displays your email address.
Enter a justification for the request (for example: This is for SSO connection to our company e-learning portal).
Select Request approval.
This sends the request to your Entra Administrator.
Accepting the request as an Entra Administrator
Once submitted, the Entra Administrator receives a notification email. The request can also be accessed manually:
Go to https://portal.azure.com.
Navigate to Entra ID > Enterprise Applications > Admin consent requests.
Select Portal App with the Skillcast logo.
Select Review permissions and consent.
Review the requested permissions and choose Accept.
After approval:
The Portal App appears under Entra ID > Enterprise Applications.
If your tenant requires user assignments, the admin must assign the appropriate users or security groups.
You can now share the test link with your organisation. Users will authenticate using their Windows login details. If MFA is enabled, they must complete that process too.
Changing the connection from Test to Live
Once testing is complete:
Contact your CSM to make the connection live.
From this point, users can access the portal using your normal URL and authenticate automatically (unless additional security steps like MFA apply).
Limitations and considerations
Note:
Emails that include usernames and passwords must be updated to include only the portal URL once SSO is enabled.
Your Entra Administrator can restrict access to specific users or groups by assigning them in Entra ID.
If you are migrating from Easy SSO to Entra ID SSO, the setup process may differ slightly to avoid impacting existing logins.
Next steps
You have now configured Entra ID-based Single Sign-on for your Skillcast application. If you need help completing any of the steps or encounter any issues, contact your Customer Success Manager by selecting Send us a message via the help icon on your portal, or by emailing [email protected].