Set up Signicat Dashboard login with Microsoft Entra ID
You can set up single sign-on (SSO) for the Signicat Dashboard using Microsoft Entra ID as your external identity provider. This setup allows you to manage user authentication centrally in Microsoft Entra ID while giving your team secure access to Signicat services.
The external identity provider feature is only available for production accounts in the Signicat Dashboard.
The Signicat Microsoft Entra ID integration allows you to use your Microsoft identity platform as your identity provider to centralise user management operations for your organisation in the Signicat Dashboard.
When you configure Microsoft Entra ID as an external identity provider, your team can use their existing work accounts to log in securely to the Signicat Dashboard, without having to set up new user profiles.
Get started
To enable Microsoft Entra ID as an external identity provider, you need to request access from an onboarding manager by creating a support ticket in the Signicat Dashboard.
Prerequisites
Before you begin the integration process, ensure you have the necessary permissions in Microsoft Entra ID. You need a Microsoft Entra ID user account with one of the following administrator roles:
- Global Administrator
- Application Administrator
- Cloud Application Administrator
Confirm that you have one of these required roles inside your Microsoft Entra tenant before you proceed with the integration.
Register an application in Microsoft Entra ID
To set up the integration, you need to register a new OpenID Connect (OIDC) application within the Microsoft Entra admin center. This application establishes the trust relationship between Microsoft Entra ID and the Signicat Dashboard.
- Log in to the Microsoft Entra admin center.
- Browse to Entra ID > App registrations and select New registration.
- Enter a clear name for your application (for example,
Signicat Dashboard SSO). - Choose your preferred supported account types (typically Single tenant only - <your tenant> for most applications).
- Under the Redirect URI section, set the platform dropdown to Web and enter the Signicat callback URL. This is
https://login.signicat.com/idps/oidc-vendor/response. - Click the Register button to create the application.
- On the application's Overview page, copy the Application (client) ID and Directory (tenant) ID values and save them. You will need them shortly.
For an overview of the steps, see the official documentation to Register an application in Microsoft Entra ID.
Add a secret to your application
- In the Microsoft Entra admin center, in App registrations, select your application.
- Select Certificates & secrets > Client secrets > New client secret.
- Add a description for your client secret.
- Select an expiration for the secret or specify a custom lifetime.
- Select Add.
- Record the client secret Value. You will need it shortly. This secret value is never displayed again after you leave this page.
For an overview of the steps, see the official documentation to Add and manage application credentials in Microsoft Entra ID.
Configure SSO in the Signicat Dashboard
To configure SSO with Microsoft Entra ID in the Signicat Dashboard, you must contact your onboarding manager or the Signicat support team by creating a support ticket in the Signicat Dashboard.
When you submit your ticket, include the following authentication details from your newly registered Microsoft Entra ID application:
Log in with Microsoft Entra ID SSO
Once Signicat configures your integration, you can test the authentication flow to confirm that Microsoft Entra ID successfully handles single sign-on.
- Open a new private or incognito browser window.
- Navigate to the Signicat IDP Selector page.
- Select Log in with Microsoft Entra ID from the list of available external identity providers.
External Identity Providers log in screen.
- Enter your work email address associated with your Microsoft Entra tenant.
- Select Log in.
- Enter your credentials in the Microsoft login portal when redirected, and complete any required multi-factor authentication (MFA).
- Confirm that Microsoft successfully authenticates you and redirects you back to the Signicat Dashboard.
Assign Microsoft Entra ID groups to Signicat roles
To enable automated provisioning, you need to configure role mapping between your Microsoft Entra ID groups and specific roles in the Signicat Dashboard. Signicat uses this role mapping to assign the correct permissions to new team members automatically.
Role mapping across platforms ensures that your team members automatically receive the correct permissions when they log in to the Signicat Dashboard for the first time.
1. Manage Microsoft Entra ID groups
Before defining the mapping to Signicat roles, you need to add and define user groups in the Microsoft Entra ID platform. To learn about how to manage user groups, visit the official documentation to Manage Microsoft Entra groups and group membership.
2. Configure Signicat roles and mapping
After you have created and configured your user groups in the Microsoft Entra ID platform, you can define the mapping between those groups and the roles supported by the Signicat Dashboard.
To learn about the roles and permissions for the Signicat Dashboard, visit the Managing roles and permissions documentation.
After you have identified the roles to assign to your team, Signicat Support can help you configure your role mapping. To do this, you need to create a support ticket in the Signicat Dashboard.
In your request, you must provide a list of the Microsoft Entra ID groups, with their respective Object Id values, that you want to map to Signicat roles.
User management with the SCIM REST API
You can edit the roles, permissions and profiles of your existing users after they have already onboarded to the Signicat Dashboard. To modify the configuration of existing users, you need to use the Signicat IAM SCIM API.
This REST API allows you to manage user identity and access programmatically across your platforms by performing the following operations:
- Get user profiles and attributes.
- Update users and their attributes (such as modifying roles for existing, onboarded users).
- Deactivate users.
- Lock and unlock user access.
To learn more about managing your existing users programmatically, see the Signicat IAM SCIM API reference documentation.