Skip to main content

Single Sign-On (SSO) via Microsoft Entra ID (Azure AD)

Caim Hermoso avatar
Written by Caim Hermoso
Updated over 4 months ago

What is SSO?

Single Sign-On (SSO) allows users to access Safety365™ using their company Microsoft credentials via Microsoft Entra ID (formerly Azure AD). No separate Safety365™ password is required.

Picture


When SSO is enabled, users simply enter their email address on the Safety365 login screen, select the Microsoft Entra ID option, and are securely redirected to Microsoft to authenticate. Once verified, they are automatically logged into Safety365.

Key Features

  • Microsoft Entra ID Only
    Safety365 SSO currently supports only Microsoft Entra ID. Other identity providers like Okta are not supported yet.

  • Just-In-Time Provisioning (JIT)
    New users are automatically created in Safety365 when they first log in via SSO. Default roles, location, and timezone settings are applied based on your organisation’s configuration.

  • Enforced Secure Login
    Once SSO is activated, traditional logins are disabled. All users must authenticate via Microsoft SSO, helping to enforce company-wide security protocols.

  • MFA Support
    Multi-Factor Authentication (MFA) is handled by Microsoft Entra ID. Safety365 disables its own MFA when SSO is active but allows it to be re-enabled if required.

  • Single Logout (SLO)
    When SLO is configured, logging out of Microsoft will also end the user's session in Safety365.

SSO Activation

The feature must be activated before use. To enable it, contact support@sevron.co.uk or book a call with our team to learn more.

Once the feature is activated by the support team, Super Users can enable the SSO functionality in the settings area to make it available to users. Toggle the Enable SSO option in Security Settings and configure SSO to link to your Microsoft Entra ID.

Picture

SSO Setup Requirements

To configure SSO in Safety365, your IT team will need to complete the setup in System Settings > Security Settings:

  • Provide the App Federation Metadata URL from Microsoft Entra ID

  • Define a valid SSO domain (e.g. yourcompany.com) to match users

  • Use the Service Provider (SP) Metadata URL from Safety365 in your Microsoft SAML app setup

The system requires the following user attributes from Microsoft:

  • Login: Microsoft email and password

  • Admin Configuration: App Federation Metadata URL and SSO domain

User Management

  • Customising Auto-Created Users

    Picture

    Admins can define default user settings under:

    Security Settings > SSO Settings > Create User On Demand

    • Default location

    • Default timezone

    • COSHH role

    • Incident role

  • Email Address Changes
    If a user's email changes in Microsoft Entra ID, Safety365 may not recognise them. Update the email in Safety365 manually to restore access.

  • Unassigned Users
    If a user is not assigned to the Safety365 app in Entra ID, they’ll receive a Microsoft access error. Assignment must be handled by your IT team.

  • Attempting Manual Login After SSO Is Enabled
    Users trying to log in through the old manual method will see a standard “Invalid username or password” error.

To enable SSO for your organisation, contact support@sevron.co.uk or book a call with our team to learn more.

Our support team will assist you through the activation and configuration process.

Did this answer your question?