This article explains how to configure Microsoft Entra ID for Single Sign-On (SSO) in Semine.
Note: Before you begin, make sure you have completed the general SSO configuration in Semine Admin Pages.
App Registration
Typically, your IT department or operating partner responsible for managing Microsoft Entra or O365 handles these steps.
Go to Register an Application
- Name: SemineSSO
- Supported Account Types: Select Accounts in this organizational directory only.
- Redirect URI: Use the value from the Callback Path field in Semine’s SSO tab.
Overview
Semine requires the following two values, which must be entered into the corresponding fields in Semine:
- Application (client) ID → Application ID field
- Directory (tenant) ID → Tenant ID / Authority field
Certificates & Secrets
- Go to Certificates & Secrets.
- Select New client secret and create a new secret with:
- Description: SemineSSO
- Expires: Optional, based on preference
Token Configuration
- Select Token configuration → Add optional claim.
- Token Type: ID
- Claim: email
Authentication
- Check the box for ID Tokens.
- Enable mobile and desktop flows by selecting Yes.
Final Steps
- Once you have saved all values in the SSO tab in Semine, SSO will be activated by a nightly job.
- If SSO is not working the next day, or if activation is time-critical, contact support@semine.no.
- After activation, users can log in by clicking the SSO button with the chosen display name.
Comments
0 comments
Please sign in to leave a comment.