Skip to main content
Single Sign-On (SSO)

Using SSO to access Envoke

Zoltan Wagner avatar
Written by Zoltan Wagner
Updated this week

SSO is currently in beta release, available upon request. Please start a support chat and ask for SSO to be enabled for your account.

Envoke SSO currently works with Microsoft Entra ID, formerly known as Azure Active Directory.

SSO is not available on the Standard billing plan.

Login link

While SSO is in Beta the login link is: https://login.envoke.com/ssologin.html

Microsoft account requirement

An MS Entra (Microsoft Entra ID P1 or more) account is required.

Steps to enable SSO

Enable SSO from the Security section on your Account Settings page and enter the Entra Tenant ID:

Next, link your own user with your MS account on your user profile page or use the link on the Security page. This will direct the user to authenticate on MS and asks for permission for using the Envoke account.

You can make SSO required for other users of your account.

Signing in with SSO

If SSO is set as optional

  • On the next login, on the SSO login page, the user can pick to login via username and password or via SSO by clicking the Sign In with Microsoft button.

If SSO is set as required

For existing users

  • On their first login, once SSO is set to required, exiting users must login one last time with their username and password. Then they will be prompted to link their MS account by clicking "Continue".

  • On their next login, on the SSO login page, the user can only login via SSO by clicking the Sign In with Microsoft button. Entering a username and password will result in an error.

For new users

  • New users will be sent an invite email as previously, but the link in the email will redirect to the MS account login. Once they enter their MS credentials the accounts will be linked.

  • On their next login, on the SSO login page, the user can only login via SSO by clicking the Sign In with Microsoft button. Entering a username and password will result in an error.

SSO login

  • When user clicks the Sign In with Microsoft button on the SSO login page they will be redirected to the MS authentication window. They login to MS and are automatically directed to their Envoke account.

  • If already signed in to MS they will simply be redirected to their Envoke account

Removal

  • User accounts can be unlinked on the users edit page or the user's profile page. Unlinked users can relink their own accounts and once again have access.

  • The MS admin can also revoke a user from using the Envoke Application in MS. This will immediately logout the session Revoking the Envoke Application access inside MS and making the feature required for all users is the only way to restrict access to this feature.

Restrictions

  • Only one MS account can be enabled per user

  • Only one user per MS user, there is an error if another user tries to link the same account.

Did this answer your question?