Skip to main content

Single Sign-On

Updated

Administrate supports Single Sign-On (SSO) for:

  • Administrate Core – staff Users logging in to the TMS
  • Administrate LMS – learners logging in to the LMS

Administrate uses OpenID Connect (OIDC), an industry-standard protocol for authentication.

Enabling SSO allows users to authenticate using an external identity provider, reducing the need to manage separate credentials.

Single Sign-On configuration

Use SSO for Administrate Core and/or Administrate LMS

Activating providers

After configuring a provider, you control where it applies:

  • Enabled for Core – allows staff Users to log in to Administrate using SSO
  • Enabled for LMS – allows learners to log in to the LMS using SSO

Update Provider dialog box

Update Provider dialog box

Google SSO

Google SSO is preconfigured in Administrate. To use it:

  • Enable it for Core and/or LMS
  • A Login with Google button will appear on the login page

Login with Google button

Log in to Administrate using Google credentials

On first login, users must grant permissions to Administrate.

First time signing in through Google SSO

First-time Google SSO authorization

If login fails, users are returned to the login screen with the message: No user registered with this email address.

Google SSO error when no matching user exists

Failed login example

Set up Azure SSO

Azure SSO requires configuration in both Azure and Administrate.

Azure setup

  1. Sign in to Azure Portal.
  2. Navigate to Azure Active Directory → App registrations.
  3. Create or select an application.
  4. Add redirect URIs:
    • https://login.getadministrate.com/oauth2
    • https://identity.getadministrate.com/oauth2/finalize
  5. Copy the Application (client) ID.
  6. Create and copy a Client Secret.
  7. Copy the Directory (tenant) ID.
  8. Ensure permissions include Sign in and read user profile.

Administrate setup

  1. Open Control Panel → Login Configuration.
  2. Select Create Configuration → OAuth 2.0.
  3. Complete the fields:
  • Name: Azure SSO
  • Redirect URI: https://login.getadministrate.com/oauth2
  • OAuth2 Client ID: Azure Application ID
  • OAuth2 Client Secret: Azure secret
  • OAuth2 Auth URI: https://login.microsoftonline.com/<DirectoryID>/oauth2/authorize
  • OAuth2 Token URI: https://login.microsoftonline.com/<DirectoryID>/oauth2/token
  • OAuth2 Userinfo URI: https://login.microsoftonline.com/<DirectoryID>/openid/userinfo
  • Scope: openid profile email

Enable the provider for Core and/or LMS, then click Save.

If LMS mapping is required, contact Administrate Support .

Add a different SSO provider

Administrate supports any provider that uses OpenID Connect (OIDC).

Click + Add and enter the provider’s OAuth details.

Add Provider details screen

Add Provider details screen

Hint

Use Lookup issuer (for example, accounts.google.com) to auto-populate OAuth endpoints where supported.

Redirect URI defaults:

  • Core: https://identity.getadministrate.com/oauth2/finalize
  • LMS: https://identity.getadministrate.com/oauth2/finalize

Add a SAML 2.0 provider (TMS only)

Select SAML 2.0 from Create Configuration to configure a SAML provider.

Create SAML configuration

Complete the fields using your identity provider’s values, then contact Administrate Support to obtain:

  • Single sign-on URL
  • Audience URI (SP Entity ID)

SAML SSO is only available for the TMS (Core).

FAQ

I can’t log in through SSO

Ensure the email address in Administrate matches the one provided by your identity provider.

Example: user@company.com vs user@googlemail.com will fail.

Resources

OpenID Connect – official documentation

Related to

Related articles