Setting up Single Sign-On (SSO) for ISMS.online allows your organisation to integrate your identity provider (IdP) for seamless user authentication. This process requires technical details from your IdP, so you may need support from your IT or systems team.
Note: Entra ID is the new name for Azure Active Directory.
ISMS.online currently supports the following identity providers:
1. How to Obtain Identity Provider Information
You can either send us your Identity Provider (IdP) metadata file or follow the manual steps below to configure SSO using Entra ID.
Step-by-Step Guide:
1. Create a New Application
- Sign in to the Azure Admin Portal
- Navigate to Azure Active Directory > Enterprise Applications
- Choose Create your own application, name it (e.g. ISMS.online), and select Integrate any other application you don’t find in the gallery (Non-gallery).
- Click Create
1.2 Assign Users and Groups
Once the application is created:
- Go to your app's Overview page
- Under Getting Started, click Assign users and groups
- In the left-hand menu, click Single Sign-On
- Select SAML as the sign-on method
1.4 Add ISMS.online Settings
Apply the following values in the Basic SAML Configuration section. If you’ve already set a custom subdomain, use the same value for <ORGANISATION>.
Global (default) region:
- Assertion Consumer Service (ACS) URL:
https://<ORGANISATION>.isms.online/sso/saml2 - Entity ID:
https://<ORGANISATION>.isms.online/sso/saml2/sp
APAC region:
- ACS URL:
https://<ORGANISATION>.r2.isms.online/sso/saml2 - Entity ID:
https://<ORGANISATION>.r2.isms.online/sso/saml2/sp
North America region:
- ACS URL:
https://<ORGANISATION>.r3.isms.online/sso/saml2 - Entity ID:
https://<ORGANISATION>.r3.isms.online/sso/saml2/sp
EU region:
- ACS URL:
https://<ORGANISATION>.r4.isms.online/sso/saml2 - Entity ID:
https://<ORGANISATION>.r4.isms.online/sso/saml2/sp
You can choose your organisation's subdomain (e.g. facebook.isms.online) during setup.
1.5 Provide Required SSO Details to ISMS.online
After configuration, please send us the following information:
- The subdomain you set (if different from your current platform subdomain)
- The Login URL (SSO Target URL)
- The Azure AD Identifier (Entity ID)
- The Security Certificate in base64 format
If your certificate is expired, create a new one and activate it via the three-dot menu in the certificate section.
All SSO requests should initially come from an Organisation Admin. You can email these details to support@isms.online or contact us via live chat
In Entra ID:
SSO Target Url = Login URL
Entity ID = Azure AD identifier
2. Mapping Attributes in Entra ID
To ensure successful SSO login, you must correctly map the user attributes.
Attribute Mapping Steps:
- From your ISMS.online application in Azure, go to Single Sign-On > SAML
- Scroll to Attributes & Claims, then click Edit
- Configure attributes as follows:
Attribute Name | Source Attribute |
user.mail | |
firstName | user.givenname |
lastName | user.surname |
- Under Unique User Identifier (Name ID):
- Set the Name Identifier Format to Persistent
- Set the Source Attribute to user.objectid
3. Accessing ISMS.online via SSO
Once SSO is configured, your team will access ISMS.online via a custom subdomain, rather than the standard login page.
For example:
https://<ORGANISATION>.isms.online
This ensures that your users are automatically redirected to the correct identity provider during login.
4. New User Templates
ISMS.online SSO includes New User Templates, which enable automated provisioning of new users with appropriate access and work areas on their first login.
See here to find out how to utilise New User Templates.
Additional Technical Notes
- Either the assertion, the response, or both must be signed.
- SHA-1 and SHA-256 are supported. We recommend SHA-256 as best practice.
- SSO can be initiated from either the Identity Provider or Service Provider.
- Encrypted assertions are not supported.
If you have questions at any point or need further assistance, please contact our support team at support@isms.online. We’re here to help.