Enterprise Single Sign-On (SSO) Entra ID Implementation

For secure access to the Mondra platform, we will configure Single Sign-On (SSO) with your Microsoft Entra ID.

These steps must be carried out by a Global Administrator.
Hands On Method
You will need to complete the following steps to link our authentication platform (Auth0) with your Entra ID (formerly AAD):
- Navigate to your Entra ID portal.
- Select App Registrations.
- Select + New Registration to create a new application.

- Give the application a name such as 'Mondra SSO'

- Click on Authentication and insert the Redirect URI https://sso.mondra.com/login/callback
- Click Register
- Open the application you have just created and copy the Directory (Tenant) ID and the Client ID and email the IDs to sso@mondra.com

- Click Certificates & Secrets
- Click + New Secret

- Give the secret a name such as 'Mondra SSO' and set the expiry to align with your security policies.

- Copy the new secret Value and send it, together with the expiry date, to sso@mondra.com in a separate email from the one containing the Client ID and Directory ID.

- Select API Permissions in the blade and Grant admin consent for the application, ensuring that a green tick appears against each permission value.

- Head to the Enterprise Application that was created and add the required users or predefined Entra ID Security Group containing the Mondra Platform users.

Once we have received this information we will configure the SSO connection in Auth0 and confirm the connection is working. We will then send you a confirmation email. All users registered with the Mondra platform will receive email notification confirming access.
Advanced - PowerShell Method
If you would like, you can use the PowerShell script below to create the App Registration automatically.
```powershell
#Connect-AzAccount -tenant <tenantID>
$uiAppDisplayName = "PowerShell Test"
$uri = "https://sso.mondra.com/login/callback"

# Create a single-tenant app registration with the Auth0 callback as its redirect URI
$uiApp = New-AzADApplication -DisplayName $uiAppDisplayName `
    -AvailableToOtherTenants $false `
    -ReplyUrls $uri

# Create the client secret (valid for one year from now)
$startDate = Get-Date
$endDate = $startDate.AddYears(1)
$secret = New-AzADAppCredential -ApplicationId $uiApp.AppId -StartDate $startDate -EndDate $endDate

# Create the app permissions (Microsoft Graph, delegated User.Read)
Add-AzADAppPermission -ApplicationId $uiApp.AppId -ApiId "00000003-0000-0000-c000-000000000000" -PermissionId "e1fe6dd8-ba31-4d61-89e7-88639da4683d"

# Retrieve the tenant ID from the current sign-in context
$tenantId = (Get-AzContext).Tenant.Id

# Print the App-ID, tenant ID, and client secret
Write-Host "App-ID: $($uiApp.AppId)"
Write-Host "Tenant ID: $tenantId"
Write-Host "Client Secret: $($secret.SecretText)"
```
PowerShell Script and its output
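To confirm that a registration still matches what this guide sets up (single tenant, only the Mondra callback as redirect URI, only the Graph User.Read permission, and a secret that is not about to expire), the following check can be run against it. This is an added example, not part of Mondra's script; the function name Test-SsoAppRegistration is hypothetical, and the property names are assumed to match the objects returned by Get-AzADApplication and Get-AzADAppCredential in Az.Resources 5 or later.

```powershell
# Added example, not Mondra's script. Property names are assumptions based on
# the Get-AzADApplication / Get-AzADAppCredential output in Az.Resources 5+.
function Test-SsoAppRegistration {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $App,
        $Credential = @(),
        [string]   $ExpectedRedirectUri = 'https://sso.mondra.com/login/callback',
        [int]      $WarnDays = 30,
        [datetime] $Now = (Get-Date)
    )
    $graphApi = '00000003-0000-0000-c000-000000000000'   # Microsoft Graph
    $userRead = 'e1fe6dd8-ba31-4d61-89e7-88639da4683d'   # User.Read, as requested by the script above
    $findings = [System.Collections.Generic.List[string]]::new()
    if ($App.SignInAudience -ne 'AzureADMyOrg') {
        $findings.Add("Sign-in audience '$($App.SignInAudience)' is not single-tenant (AzureADMyOrg)")
    }
    if ($App.Web.RedirectUri -cnotcontains $ExpectedRedirectUri) {
        $findings.Add("Expected redirect URI missing: $ExpectedRedirectUri")
    }
    foreach ($u in $App.Web.RedirectUri) {
        if ($u -cne $ExpectedRedirectUri) { $findings.Add("Unexpected redirect URI: $u") }
    }
    foreach ($rra in $App.RequiredResourceAccess) {
        foreach ($p in $rra.ResourceAccess) {
            if ($rra.ResourceAppId -ne $graphApi -or $p.Id -ne $userRead) {
                $findings.Add("Extra permission: $($rra.ResourceAppId)/$($p.Id) ($($p.Type))")
            }
        }
    }
    foreach ($c in $Credential) {
        $daysLeft = [math]::Floor(($c.EndDateTime - $Now).TotalDays)
        if ($daysLeft -lt 0) { $findings.Add("Secret $($c.KeyId) has expired") }
        elseif ($daysLeft -le $WarnDays) { $findings.Add("Secret $($c.KeyId) expires in $daysLeft day(s)") }
    }
    $findings   # one string per deviation; empty when the registration matches
}

# Constructed sample data (not from a real tenant) so the check runs offline.
$sampleApp = [pscustomobject]@{
    SignInAudience = 'AzureADMultipleOrgs'
    Web = [pscustomobject]@{ RedirectUri = @('https://sso.mondra.com/login/callback', 'http://localhost:3000/callback') }
    RequiredResourceAccess = @([pscustomobject]@{
        ResourceAppId  = '00000003-0000-0000-c000-000000000000'
        ResourceAccess = @([pscustomobject]@{ Id = 'e1fe6dd8-ba31-4d61-89e7-88639da4683d'; Type = 'Scope' })
    })
}
$sampleCred = [pscustomobject]@{ KeyId = '11111111-1111-1111-1111-111111111111'; EndDateTime = [datetime]'2025-01-13' }
Test-SsoAppRegistration -App $sampleApp -Credential $sampleCred -Now ([datetime]'2025-01-01')
```

For a live check, sign in with Connect-AzAccount, fetch the application with Get-AzADApplication -DisplayName, and pass it in together with the result of Get-AzADAppCredential for the same application.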