Set up Single Sign-On (SSO) with Azure AD and OpenID Connect for the eConnect platform.
With Single Sign-On (SSO), users can log in to the eConnect platform using their existing company account, without a separate password. The connection works via OpenID Connect and is most commonly used with Microsoft Azure AD (Entra ID). After configuration, users log in with their familiar Microsoft account and are automatically recognised by eConnect.
In brief: you register an app in Azure AD, enter the details on the eConnect platform and test the login. The entire process takes about 15 minutes if you have the right permissions.
Open Azure AD and go to App registrations. Click New registration and fill in the form:
eConnect
https://platform.econnect.eu/openid and https://identity.econnect.eu/signin-oidc
https://pilot-platform.econnect.eu/openid and https://accp-identity.econnect.eu/signin-oidc
Click Register. Copy the Application (client) ID from the overview and save it.
Go to Certificates & secrets and click New client secret. Set the expiry to a maximum of 24 months. Copy the Value of the created secret immediately (it will not be visible later).
Go to Authentication and enable ID tokens under Implicit grant and hybrid flows. You can also add extra redirect URIs here if you want to connect both production and pilot.
Go to API permissions and click Add a permission:
email, openid and profile
Note: Ask an Azure administrator to grant Admin consent for these permissions if this has not been done yet.
Return to the app overview and click Endpoints. Copy the URL of the OpenID Connect metadata document. You will need this for the configuration in eConnect.
Log in to the eConnect platform as an administrator. Go to Administration > IDP configuration. If this option is not available, eConnect needs to activate it for your account first.
Click the + button to add a new IDP. Select Microsoft as the type and accept the suggested settings.
Complete the following fields:
Microsoft AD – [your organisation name]
Click Fetch details to retrieve the configuration automatically from the metadata document. Then click Save.
Log out and test the SSO login. The login screen now shows the option to log in via Microsoft.
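If Fetch details or the test login fails, it helps to inspect the OpenID Connect metadata document copied from the Endpoints page. The following is an added example, not eConnect or Microsoft code: it checks a metadata document for the endpoints, the email, openid and profile scopes and the ID token support this guide relies on. The function name, the sample host and the tenant placeholder are assumptions, and the sample documents are constructed.

```python
import json
from urllib.parse import urlparse

# Scopes this guide adds under API permissions.
REQUIRED_SCOPES = {"openid", "email", "profile"}
# OpenID Connect Discovery 1.0 fields a login client depends on.
REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
                   "response_types_supported", "id_token_signing_alg_values_supported")
URL_FIELDS = REQUIRED_FIELDS[:4]


def check_metadata(doc):
    """Return a list of problems found in an OIDC metadata document (empty = OK)."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in doc]
    for field in URL_FIELDS:
        if field in doc:
            url = urlparse(str(doc[field]))
            if url.scheme != "https" or not url.netloc:
                problems.append(f"{field} is not an absolute https URL")
    # scopes_supported is optional in the spec, so only check it when published.
    if "scopes_supported" in doc:
        missing = REQUIRED_SCOPES - set(doc["scopes_supported"])
        if missing:
            problems.append("scopes not offered: " + ", ".join(sorted(missing)))
    # The guide enables ID tokens, so some response type must include id_token.
    types = doc.get("response_types_supported", [])
    if types and not any("id_token" in t.split() for t in types):
        problems.append("no response type returns an id_token")
    # Conservative check: a login must never rely on unsigned ID tokens.
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("unsigned ID tokens (alg none) are advertised")
    return problems


# Constructed sample documents with a placeholder host and tenant.
BASE = "https://login.example.test/TENANT-PLACEHOLDER"
GOOD = {
    "issuer": BASE + "/v2.0",
    "authorization_endpoint": BASE + "/oauth2/v2.0/authorize",
    "token_endpoint": BASE + "/oauth2/v2.0/token",
    "jwks_uri": BASE + "/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
BAD = dict(GOOD, jwks_uri="http://login.example.test/keys",
           scopes_supported=["openid"],
           id_token_signing_alg_values_supported=["RS256", "none"])

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("bad", BAD)):
        print(name, json.dumps(check_metadata(doc)))
```

To check your own tenant, save the metadata document to a file, load it with json.load and pass the result to check_metadata.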
Do you want users to skip the standard login screen and be redirected directly via SSO? This is possible with a direct login URL. The URL has the following format:
https://platform.econnect.eu/login/{domain}/
Via this link, users go directly to the Azure AD login page without seeing the eConnect login screen. Contact eConnect support to set up a direct login URL for your organisation.
Tip: The direct login URL is ideal for placing on your company intranet or in a bookmark bar, so that employees can access the eConnect platform with a single click.
Are you using an on-premise Active Directory? Azure AD supports synchronisation via Azure AD Connect, so your existing users automatically become available in Azure AD. Read more in the Microsoft documentation on directory integration.
Yes. After adding an IDP, the standard eConnect login remains available. On the login screen, users choose whether to log in with their Microsoft account or with an eConnect password. If you want only SSO login to be possible (IdP restriction), contact eConnect.
The eConnect platform supports any OpenID Connect-compatible identity provider. The most commonly used is Azure AD, but Google Workspace and Apple ID are also supported as standard login methods. Contact eConnect to connect a different provider.
That does not matter. The connection works based on the OpenID Connect metadata URL and does not depend on a specific domain name. As long as the redirect URIs are configured correctly, SSO login works.
Want eConnect to set up SSO for you? Contact our support team.