Setting up Single Sign-On (SSO) for ISMS.online allows your organisation to integrate your identity provider (IdP) for seamless user authentication. This process requires technical details from your IdP, so you may need support from your IT or systems team.

Note: Entra ID is the new name for Azure Active Directory.


ISMS.online currently supports the following identity providers:

1. How to Obtain Identity Provider Information

You can either send us your Identity Provider (IdP) metadata file or follow the manual steps below to configure SSO using Entra ID.


Step-by-Step Guide:


1. Create a New Application

  • Sign in to the Azure Admin Portal
  • Navigate to Azure Active Directory > Enterprise Applications

Welcome to Azure! Don't have a subscription? Check out the following options. Start with an Azure free trial Get $200 free credit toward Azure products and services, plus 12 months of popular free services. Manage Azure Active Directory Manage access, set smart policies, and enhance security with Azure Active Directory. Start Learn mare e? Access student benefits Get free software, Azure credit, or access Azure Dev Tools for Teaching after you verify your academic status. Explore Learn more e? Azure Active Directory View Groups Learn mare e? Azure services Create a resource Enterprise applications App Services Resource groups Quickstart Center Virtual machines Mare services  





  • Choose Create your own application, name it (e.g. ISMS.online), and select Integrate any other application you don’t find in the gallery (Non-gallery).



  • Click Create


1.2 Assign Users and Groups


Once the application is created:

  • Go to your app's Overview page
  • Under Getting Started, click Assign users and groups




  • In the left-hand menu, click Single Sign-On
  • Select SAML as the sign-on method



1.4 Add ISMS.online Settings


Apply the following values in the Basic SAML Configuration section. If you’ve already set a custom subdomain, use the same value for <ORGANISATION>.


Global (default) region:

  • Assertion Consumer Service (ACS) URL:
     https://<ORGANISATION>.isms.online/sso/saml2
  • Entity ID:
     https://<ORGANISATION>.isms.online/sso/saml2/sp

APAC region:

  • ACS URL:
     https://<ORGANISATION>.r2.isms.online/sso/saml2
  • Entity ID:
     https://<ORGANISATION>.r2.isms.online/sso/saml2/sp

North America region:

  • ACS URL:
     https://<ORGANISATION>.r3.isms.online/sso/saml2
  • Entity ID:
     https://<ORGANISATION>.r3.isms.online/sso/saml2/sp

EU region:

  • ACS URL:
     https://<ORGANISATION>.r4.isms.online/sso/saml2
  • Entity ID:
     https://<ORGANISATION>.r4.isms.online/sso/saml2/sp

You can choose your organisation's subdomain (e.g. facebook.isms.online) during setup.



1.5 Provide Required SSO Details to ISMS.online


After configuration, please send us the following information:

  • The subdomain you set (if different from your current platform subdomain)
  • The Login URL (SSO Target URL)
  • The Azure AD Identifier (Entity ID)
  • The Security Certificate in base64 format

If your certificate is expired, create a new one and activate it via the three-dot menu in the certificate section.

All SSO requests should initially come from an Organisation Admin. You can email these details to support@isms.online or contact us via live chat


In Entra ID:

SSO Target Url =  Login URL

Entity IDAzure AD identifier

2. Mapping Attributes in Entra ID

To ensure successful SSO login, you must correctly map the user attributes.


Attribute Mapping Steps:

  1. From your ISMS.online application in Azure, go to Single Sign-On > SAML
  2. Scroll to Attributes & Claims, then click Edit
  3. Configure attributes as follows:


Attribute Name

Source Attribute

email

user.mail

firstName

user.givenname

lastName

user.surname


  1. Under Unique User Identifier (Name ID):
    • Set the Name Identifier Format to Persistent
    • Set the Source Attribute to user.objectid

3. Accessing ISMS.online via SSO

Once SSO is configured, your team will access ISMS.online via a custom subdomain, rather than the standard login page.

For example:
 https://<ORGANISATION>.isms.online

This ensures that your users are automatically redirected to the correct identity provider during login.

4. New User Templates

ISMS.online SSO includes New User Templates, which enable automated provisioning of new users with appropriate access and work areas on their first login.


See here to find out how to utilise New User Templates.


Additional Technical Notes

  • Either the assertion, the response, or both must be signed.
  • SHA-1 and SHA-256 are supported. We recommend SHA-256 as best practice.
  • SSO can be initiated from either the Identity Provider or Service Provider.
  • Encrypted assertions are not supported.

If you have questions at any point or need further assistance, please contact our support team at support@isms.online. We’re here to help.