Skip to main content

How to configure Single Sign-on (SSO) using Entra ID (formerly Azure AD)

Allow users to login with SSO using Entra ID as your Identity Provider.

Updated over 2 weeks ago

Before you start

You may want to speak to your Customer Success Manager (CSM) and Account Manager (AM) about:

  • Options and costs of implementing SSO for your application

  • User domains you want to use with SSO

  • Whether your CSM will help with setup or make sure you have the correct setup permissions

Preparing Skillcast for SSO

First, prepare the Skillcast portal

Add a new external connection

This process is usually completed by your CSM

1. Select Management Console > Configuration > External connections

2. Select the Type dropdown and choose Azure SSO - Skillcast App and then enter:

  • Name for the SSO connection

  • Domain

  • Tenant

  • Authorized domain (must be completed when choosing Just In Time provisioning via SSO – leaving it empty risks duplicate account creation or unauthorised access) Enter what comes after the @ in the email address, using commas to separate multiple domains

Adding SSO connection to a user domain

Now it's time to configure which domains must use SSO, so users can be authenticated and access your portal URL (which looks like yourcompany.e-learningportal.com)

This process is usually completed by your CSM

1. Select Management Console > Configuration > Domains

2. Select the domain you want to configure as your SSO domain
3. Tick the box next to the default domain, and click Update (got more than one domain that needs to use the same SSO connection? Set the default domain as the parent of the other domains. Or you can skip and select Allow any domain
4. In the left-hand menu, select Single Sign-On and complete the fields that appear:

  • Connection: Select new external connection for Entra ID

  • Status: Select Test

  • Allow any domain: Tick to override any chosen default domains, so users in any domain can use the portal URL to login (if they have matching Entra ID and Skillcast accounts). This is useful if your user domains can't be linked by a parent, but need to use the same URL to login

  • Error page: Choose an error page for users to view if their login fails

  • User identifier: Choose an attribute, such as EmpID, with a name that matches what's provided by Entra ID (email can be left blank; Skillcast recognises it)

  • Just-in-time provisioning: Change to Create user account if it doesn't already exist from the default User account must be pre-registered. Also make sure you've added email domains in the Authorised domain field of your external connection

Connecting your Azure AD environment to your Skillcast Application

Any staff member in your company can do this, but your Entra ID administrator has to approve the first request and, ideally, also complete the registration.

Apply to register the application in your Entra ID

Go to the test link, which should look like: https://[clientID].e-learningportal.com/?testSSO (replace ClientID with the ID that's in your portal's URL:
​

After authenticating, you'll be taken to the Microsoft wizard. Enter the justification for requesting the app. For example, 'for SSO connection to our company e-learning/compliance portal'.

Accepting the request as an Entra ID administrator

After entering the justification, the Entra ID administrator will receive an email with a link. Selecting this takes them to Entra ID management of the application. They can also access the request by:

  1. Going to https://portal.azure.com/

  2. Selecting Entra ID > Enterprise Applications > Admin consent requests

  3. Selecting Portal app (with the Skillcast logo) and selecting Review permissions and consent

  4. Selecting Accept when the pop-up appears asking for permissions to be granted to the Skillcast app

The portal app will show as installed under Entra ID > Enterprise Applications and you can share test links with other users in your organisation.

Changing the connection from Test to Live

When you're happy that testing is complete, go to:
​

1. Management Console > Domain > Single Sign-On
2. Change the SSO status from Test to Live, then select Update settings

Users will need their Windows login details to authenticate and access Skillcast for the first time. Then they can access Skillcast simply by being logged into Windows. Users will still have to complete any other security settings activated, such as MFA.

Limitations and considerations

  1. Any emails that pull through usernames and passwords need to be updated to only show the URL

  2. Entra ID administrators can configure the Enterprise Application to be available only to specific users, with rights assigned to users within Entra ID

  3. If you use the easy SSO option within Skillcast and want to migrate to the Entra ID SSO, the steps above will be different to avoid impacting your current SSO during testing

  4. Request logs are available to view through the SSO menu in the domain. Select view logs to view all requests. The default is to log all requests, but you can change this by changing the logging setting to 'Errors'

Did this answer your question?