Skip to main content

Set up single sign-on (SSO) in edyoucated with Microsoft Entra ID

Learn how to register a new application in Microsoft Entra ID and set up the integration.

Updated this week

Create a new application in Entra ID

  1. In the Microsoft Entra ID admin center, go to Microsoft Entra ID > App registrations.

  2. To register a new application such as edyoucated, click New registration.

  3. In the Name field, enter a name for the application, for example "edyoucated SSO".

  4. Under Supported account types, select the account type that can use the application or access the API.

  5. Paste the following Callback URI from edyoucated into the field under Redirect URI (like described here):

    https://authentication-prod-edyoucated.auth.eu-central-1.amazoncognito.com/oauth2/idpresponse

  6. Ensure that Web is selected from the drop-down menu as the redirect type.

  7. To register the application, click Register.

A message will display to confirm that the application has successfully been created and you will be taken to the new application.

Set up integration details

Why a client secret is required

  • edyoucated uses the OAuth 2.0/OpenID Connect Authorization Code Flow. After the user signs in, our server receives an authorization code and exchanges it for tokens.

  • Because edyoucated is registered as a confidential client app, Microsoft Entra requires server-side authentication using a client secret to ensure only authorized applications receive tokens.

  • The secret is used only on the server side, stored securely, and authorized specifically for your app, so it does not pose a security risk.

Your edyoucated account manager now needs the following information from you:

The authorization URI

  1. In the new application that you have created in Microsoft Entra ID, go to Overview > Endpoints and click Endpoints.

  2. You'll find the value in the OAuth 2.0 authorization endpoint (v2) field. This should look something like: https://login.microsoftonline.com/<SOME_UUID>/v2.0/authorize

The client ID

  1. Then in the application that you have created in Microsoft Entra ID, go back to Overview.

  2. Copy the value that is listed for the Application (client) ID.

The client secret

  1. Then in the application that you have created in Microsoft Entra ID, go to Manage > Certificates & secrets.

  2. Select Client secrets.

  3. Then the Add a client secret drawer is displayed.

  4. In the Description field, enter a name for the client secret and choose the relevant expiry date from the Expires drop-down menu.

  5. Click Add.

  6. A page is displayed showing an overview of the application credentials. Copy the value listed under the Value column.

Send this information via a secure channel to your edyoucated account manager, so that they can set up the configuration for you.

Dual login mode (SSO + email/password)

Dual login mode allows users in the same organization to sign in either through your SSO provider or with an edyoucated email/password.

Note: Dual login mode is opt-in and can be activated for your organization by your edyoucated account manager. No changes to your Microsoft Entra ID app registration are required.

Why use dual mode

  • Provide a fallback login (email/password) next to SSO.

  • Support external collaborators who may not have access to your SSO.

  • Allow mixed onboarding flows while SSO is being rolled out.

How to enable

  1. Contact your edyoucated account manager and request activation of dual login mode for your organization.

  2. Once enabled, users can sign in using SSO or with their email/password according to your organization’s policy.

Operational notes

  • User invites and password reset emails continue to work for users who use email/password.

  • SSO users can keep using SSO as usual.

Related Articles
Create and manage events
Create and manage users
Integrate with Microsoft Entra ID (formerly Azure Active Directory)
Did this answer your question?