Skip to content
  • There are no suggestions because the search field is empty.

Single Sign-On (SSO): How to configure your Microsoft Entra account

A step-by-step guide to setting up with Microsoft Entra account in preparation for Gladstone SSO.

 

July 2025 – Steps 7, 12-14 have been recently introduced to manage the Microsoft Entra requirements for Staff and Consumer Single Sign-On (SSO). If your Entra Enterprise account was previously configured, you may need to re-visit these steps to ensure your Entra account is compatible.

Introduction

This article will provide you with a step-by-step guide on all configuration requirements when activating the Gladstone SSO feature. All staff and consumer access control will consequently be controlled through your Microsoft Entra tenant and no longer by the Gladstone core solution. Please be aware, these steps should be done prior to configuring your Gladstone products.

Step 1: Configuration of your Microsoft Entra Tenant

  1. Log into your Microsoft Entra Admin Center 

  2. On the left hand menu, select Identity > Applications > Enterprise Applications

    Enterprise Applications
  3. This should navigate you to Enterprise applications | All applications. Select the option "New application" underneath the title.

    New application
  4. Select "Create you own application"

    create application
  5. Enter a name for the application, for example GladstoneGo. This is just a label to identify it within the Entra admin center, so the naming won't affect the integration. Select the "Integrate any other application" option and select Create.

    Naming your Entra application
  6. This will populate your new application and provide an Overview page. Select "Users and Groups" from the left hand menu (it may also be available in the Getting Started menu). This will take you to a page where Users and Groups on your Entra tenancy can be assigned access to the SSO integration.

    Note: As this SSO feature covers access for both Operator and Gladstone360, permissions for the applications themselves are configured within the Gladstone Management Console as previous.

    Assign users and groups
     
  7. Whether you are using Staff SSO, Consumer SSO, or both, access to the specific Gladstone applications will be controlled through Groups. At a minimum you will require two groups. Firstly, a Gladstone Go Staff group for you back-office users, that is, anyone you want to access Operator and Gladstone360. Secondly, a Gladstone Go Consumer group for your members/consumers accessing Gladstone Go Consumer.

    After assigning a Group to the Gladstone Go Enterprise Application, navigate to the Overview of the Group and copy its Object ID. This will need to be entered into Gladstone Operator.

    How to get the Object ID for an Entra group
  8. Once users and groups have been assigned, select the "Single Sign-on" option from the left hand menu (or "Set up single sign" on in the Getting Started menu)

    select sso

  9. Select "SAML" as the single sign-on method

    Select SAML option

  10. Select "Edit" on the Basic SAML Configuration section

    Select edit SAML

  11. Within the Entity ID section, provide the following configuration details:
    1. Identifier = gladstonesoftware.cloud
    2. Reply URL = https://samlauthentication.gladstonesoftware.cloud/api/samlauthentication/log-in-callback

      Enter Entity credentials
  12. Select "Edit" on the Attributes & Claims section:

    76d54a83-3001-4a0c-b4e9-d9e9c74cab15

  13. Select "Add a group claim":

    How to setup a group claim in Entra

  14. Select "Groups assigned to the application", with "Group ID" as the Source Attribute and save.

    b6a7321f-13bb-4ad9-a9ce-efe759298c43

  15. Within the SAML Certificates section, copy and make note of the "App Federation Metadata Url". This will be required when configuring Operator.

    Make note of metadata url