How to Set up Microsoft Entra ID SSO with Azure Entra ID

SciNote provides a user-friendly, self-service setup option for configuring Single Sign-On (SSO) on your instance.

To learn how to enable SSO inside SciNote, start with this article. 

To set up your SSO start by registering the Application in Azure Entra

1. Log in to the Azure Portal
2. Navigate to Microsoft Entra ID in the left-hand menu.
3. In the Manage section, go to App registrations.
4. Click + New registration .
5. Fill out the details:

   1. Name : Provide a name for your application, such as SciNote App.

   2. Supported account types : Choose the appropriate option based on who can sign in (e.g., organizational directory, personal accounts, etc.).

   3. Redirect URI : Select Web platform type and specify the URL to which Azure Entra will redirect users during sign-in process. (e.g., https://<yourinstancename>.scinote.net/users/auth/customazureactivedirectory/callback).

6. Click Register to complete the process.

Configure Authentication:

1. In the newly created application, go to the Authentication tab in the left-hand menu.
2. Enable ID tokens if they are not already enabled. Ensure the "Implicit grant and hybrid flows" section has "ID tokens" checked.
3. (Optional) Add Signatures redirect URL if you would like to sign tasks with SSO:

   1. Under "Redirect URIs," click + Add URI .

   2. Enter your Signatures redirect URI (e.g., https://<yourinstancename>.scinote.net/electronic_signatures/azure_signing_callback) and click Save.

Retrieve Application Credentials:

1. Go to the Certificates & Secrets tab in the left-hand menu.
2. Under "Client secrets," click + New client secret .
3. Provide a description and expiry duration for the client secret, then click Add .
4. Copy the generated Value (not Secret ID!) immediately (this is your client_secret). You won’t be able to view it again later.
5. Note down these values:

   1. Application (Client) ID : Found on the application overview page.

   2. Application (Client) Secret : Generated on the previous step. (e.g., client_secret)

   3. Directory (Tenant) ID : Found on the application overview page.

   4. OpenID Connect metadata document : Found on the application overview page, click Endpoints button

Map Custom Attributes (email, first_name, last_name)

When Azure issues an ID token, it includes standard claims. To retrieve the email, first_name, and last_name attributes:

1. Ensure the user has these attributes populated in their Azure profile (in Azure Portal → Azure AD → Users → Select User → Edit Properties).
2. Customize the claims if necessary:

   1. Go to the App registrations page and select your application.

   2. Navigate to Token configuration → + Add optional claim .

   3. Select ID as the token type and add the following claims:

      1. email

      2. given_name (mapped to first_name).

      3. family_name (mapped to last_name).

   4. Click Add to save.

   5. Confirm required permissions in order to include these attributes in ID tokens.

Configure SciNote Application:

1. In SciNote navigate to Organization Settings page
2. Scroll down to Single sign-on (SSO) section and select Microsoft Entra ID.
3. Configure the following parameters:

   1. Application ID : Your Application ID from Step 3.

   2. Tenant ID : Your Tenant ID from Step 3.

   3. Client Secret : Your client secret from Step 3.

   4. OpenID Connect metadata document : Your OpenID Connect metadata document URL from Step 3.

   5. Enable sign in label : enter desired label for sign in button, for example Sign in with Entra ID.

   6. Enable signing tasks with SSO: check it if you would like to sign tasks with SSO and you added Signatures redirect URL on Step 2.

4. Click Save button

---

If you have any questions, contact us at support@scinote.net. For more information about the Premium plans, please request a quote.