Setting Up Single Sign-On (SSO)
SSO Overview
- The Application (Client) ID
- The Directory (Tenant) ID
- A Client Secret value
The Entra ID instructions that follow are just one example of setting up SSO.
Setting Up Entra ID SSO
- B. Create a Client Secret (make sure to save the Value of the secret before leaving the page)
A. Register a New Application
- Sign in to the Azure Portal.
- Search for and select Microsoft Entra ID (formerly Azure Active Directory).
- In the left menu, go to Manage > App registrations and click + New registration.
- Name: Enter a name (for example, PassiveLogic-SSO).
- Supported account types: Select the correct option for your needs.
  - "Accounts in this organizational directory only" (Single tenant)
  - "Accounts in any organizational directory" (Multi-tenant)
- Redirect URL: Select Web from the dropdown. Insert your specific endpoint URL provided by PassiveLogic.
- Click Register.
B. Create a Client Secret
- In the left-hand menu of your new app registration, click Certificates & secrets.
- Go to the Client secrets tab and click + New client secret.
- Add a description (for example, PassiveLogic Login) and select an expiration period.
- Click Add.
- Important: Copy the Value of the secret immediately. It will be hidden forever once you leave this page. (You need the Value, not the Secret ID.)
C. Configure API Permissions
- Click API permissions in the left menu.
- You should see User.Read (Delegated) by default. If not, click + Add a permission > Microsoft Graph > Delegated permissions > search for User.Read.
- If you plan to map Azure AD Groups to PassiveLogic roles later, also add Microsoft Graph > Delegated permissions > Directory.Read.All (this often requires Admin Consent).
D. Collect Metadata for PassiveLogic
- Application (Client) ID: Found on the Overview page.
- Directory (Tenant) ID: Found on the Overview page.
- Client Secret Value: The one you copied in section B.
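A pre-transfer sanity check for the three collected items, as an added example that is not part of the original instructions or PassiveLogic's tooling. It relies on the portal showing the Client ID, Tenant ID and Secret ID as GUIDs while the secret Value is not a GUID; the function name and sample values are constructed for illustration.

```python
import re
import uuid


def _is_guid(value: str) -> bool:
    """True if value is a GUID in the hyphenated 8-4-4-4-12 form the portal shows."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def check_sso_metadata(client_id: str, tenant_id: str, secret_value: str) -> list[str]:
    """Return a list of problems; an empty list means the items look plausible.

    Messages never echo the secret, so the output is safe to paste into a ticket.
    """
    problems = []
    if not _is_guid(client_id):
        problems.append("Application (Client) ID is not a GUID")
    if not _is_guid(tenant_id):
        problems.append("Directory (Tenant) ID is not a GUID")
    if _is_guid(client_id) and client_id.lower() == tenant_id.lower():
        problems.append("Client ID and Tenant ID are identical; one was copied twice")
    if not secret_value:
        problems.append("Client Secret Value is empty")
    elif re.search(r"\s", secret_value):
        problems.append("Client Secret Value contains whitespace (copy/paste damage)")
    elif _is_guid(secret_value):
        # The Secret ID column is a GUID; the Value column is not.
        problems.append("Client Secret looks like the Secret ID, not the Value")
    return problems


# Constructed sample values, not real credentials.
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
TENANT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SECRET_ID = "99999999-8888-7777-6666-555555555555"
SECRET_VALUE = "EXAMPLE~constructed.secret_value-0000"

if __name__ == "__main__":
    for label, secret in (("Value", SECRET_VALUE), ("Secret ID", SECRET_ID)):
        issues = check_sso_metadata(CLIENT_ID, TENANT_ID, secret)
        print(f"using {label}: {issues or 'OK'}")
```
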
E. Securely Provide PassiveLogic with the Metadata
Work with PassiveLogic Support to securely transfer your information. PassiveLogic will use the three items you collected from your application registration to finalize the SSO configuration.
Important: Make sure you use a secure, encrypted method, and coordinate with PassiveLogic Support so they know how and when the metadata is being conveyed.