How to.. Create an Enterprise Federation to EntraID

The SoftwareOne Services Portal (SSP) supports several methods of Authentication including;

Social Sign On: We support Microsoft EntraID (including Microsoft 365) or Google.
Registering a username and password, includes mandatory Multi Factor Authentication.
Enterprise Federation: A dedicated connection to your workplace Identity Provider (we support lots of IDP’s and federation protocols).

Both the “Social Sign On” and the “Enterprise Federation” provide a Single Sign On experience for your users, however Enterprise Federation offers the added security of restricting which Identity Provider can provide authentication for your specific email domain(s).

This document describes the steps needed to setup Enterprise Federations with Microsoft EntraID, and the information you need to share with the SoftwareONE Services Portal team to complete the connectivity. If you need any details on setting up other IDP’s do just contact us.

Pre-Requisites

Authoritative access to your Identity Provider as described below

Procedure for Azure EntraID

The procedure involves setting up an Application in your EntraID which will allow our Authentication system to connect to your EntraID and authenticate your users.

The steps show how to create that Application and what information to share with us so we can connect.

Step	Key Action	Detail
1	Confirm your Role in EntraID has at least “Cloud Application Administrator” as show	Go to EntraID > Roles and Administrators and check you have access tocreate Applications. You should have Cloud Application Administrator at minimum.
2	Create a New App Registration	Sign into the Azure Portal > go to EntraID > App Registrations > New registration:
3	Name the application and select the Account Type	Name the application to your own naming convention, for example “SoftwareOne Services Portal”. Set the Account Type to be “Accounts in any organizational directory (Any Microsoft EntraID tenant - Multitenant)” Set the Callback URL to Web with the following URL: https://id.softwareone.cloud/login/callback Hit Register
4	Create a Secret	Open the Application go to Client Credentials > Click Add a Certificate or Secret Click New client secret Name your Secret and set the expiry Note that you may want to set a reminder to tell us the new Client Secret per the Expiry term.
5	Share the details of your application with the SoftwareOne Services Portal Team	We will need the following details Your Primary Domain Application (client) ID Client Secret Value (note we will need additional information in the next step) Screenshots of where to find each of the above
6	Share the details with the team	We will need: A Primary Contact email address Company Name EntraID Primary Domain Name Application (client) ID Client Secret Value A list of email domains you want to associate to this federation, e.g. @contoso.com You can share the details to your SoftwareOne contact using Crypto, our secure secret sharing facility: https://zyncc-crypto.softwareone.cloud/
7	The Services Portal team will setup the federation and be in touch with your Primary Contact to test the connection

After completing the Federation users with the domain names specified above will be able to go to the SoftwareOne Services Portal and simply enter their email address and click Continue to use their Enterprise identity.

Further information:

https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app?tabs=certificate

For further information contact the following team (ref the Whos Who document to get team member info):