Currently we are experiencing a disruption of services on our Online platform. We are investigating the issue.
TimeTell will be closed on December 25th, 26th and 27th, and on January 1st.

Configure SSO for TimeTell neXt

Modified on Sat, 9 Nov at 1:45 PM

For TimeTell neXT Single-Sign-On (SSO) is configured slightly different compared to TimeTell 9, For now we only support Microsoft Entra ID. If there is a need for other SSO providers we will investigate that as long as the provider supports Open ID Connect. 


Getting started


TimeTell will:

  1. Provide the Redirect URL
  2. Configure the users in TimeTell


Customer will provide:

  1. Directory/TenantID
  2. Appliction/ClientID
  3. ClientSecret (the value not the ID)


Configure Microsoft Entra ID

In Microsoft Entra ID the following parts will be configured:

  • App registration
  • Authentication
  • Certificate & secrets
  • Token configuration


App registration


Do not start from an Enterprise application to create the app registration. But really start from an application registration (that will also create an enterprise application for it). The login will not from if you start from an Enterprise application as Microsoft will expose certain data in a different way not supported by TimeTell.


From the organization Overview page click App registrations

 

Click New registration:

  • Name, use TimeTell (recommended name)
  • Supported account types, select the appropriate option, we tested with Accounts in this organizational directory only.
  • Redirect URI, skip


Authentication


Within the created application click Authentication:

  • Click Add a platform
  • Click Web
  • Redirect URI, use the value that was provided to you by TimeTell
  • Front-channel logout URL, leave blank


Certificate and Secrets


Click Certificates & secrets:

  • Certificates, leave as is
  • Client secrets, click New client secret:
    1. Description, TimeTellSecret (recommended name)
    2. Expires, set to 24 months (or any value required by company policy)
  • Now copy and store the text shown under Client secrets, TimeTellSecret, Value. This will not be shown again.
You should make note of the expiration date of the secret and create a new secret a week (or more) before expiration and share it with TimeTell. This will prevent users cannot logon anymore once the secret expires. 


Token configuration


  • Go to Token configuration
  • click Add optional claim
    1. select ID and 
    2. check email then
    3. click Add.

 

A question will be asked to configure OpenId Connect scopes to be configured. 

  • Check the Turn on the Microsoft Graph profile permission (required for claims to appear in token) then 
  • click Add.

Verify API Permissions

  • Go to API Permissions
  • Under the API / Permissions name table you should see:
    1. Microsoft Graph
      • Email: Status, Granted for <your organization>
  • If it is not yet granted click the Grant admin consent for <your organization> above the table.


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article