Integration with SSO providers
Schrift supports integration with various SSO (single sign-on) providers.
Many customers need this feature if they use a company-managed service to manage employee access to the company's information resources.
The Schrift system supports integration with Auth0 and Azure AD services. We are ready to expand the range of such services if our customers have relevant needs.
A user logged in with a login and password or a Google/Apple account gets access to all companies in which they have valid appointments as an employee, except for companies to which access is configured via SSO. To access a company where integration with one of the SSO providers is activated, the user must log in with their account in this SSO service.
If the user is authorised only with SSO, they will get access only to the corresponding company. To access other companies and their own account in the Schrift system, they need to log in with a username and password or with a Google/Apple account.
Integration settings
To set up the integration, go to Settings > Company account > Integrations.
Please note that when you activate the integration with Auth0, access to the company will be suspended for all employees until they log in to their SSO account.
Setting up integration with Auth0
Enter the client data from the Auth0 service in the appropriate fields of the integration setup panel. To get the necessary data for configuration:
Log in to the Auth0 control panel.
Go to the Applications section.
Select or create an application (for example, Font).
The Settings tab contains the integration data, such as Client ID, Client Secret, and Domain.
Copy this information into the appropriate fields.
Setting up integration with Microsoft Entra ID
Microsoft Entra ID used to be called Microsoft Active Directory or Azure AD.
Enter the client data from the Microsoft Azure service in the appropriate fields of the integration setup panel. To get the necessary data for configuration:
Log in to the control panel at http://portal.azure.com and go to Home > App registrations. Select or create the desired application (for example, Schrift) and go to the Overview section. Copy the value from the Application (client) ID field and paste it into the Client Id field (in Schrift).

Go to the “Endpoints” tab. Copy the value in the “OpenID Connect metadata document” field and paste it into the Domain URI field (in Schrift).

Go to Client credentials by clicking on the corresponding value. Click “+ New client secret” to create a secret, copy its Value and paste it into the Client Secret field (in Schrift).

In your Microsoft Azure account, under Applications > Schrift > Manage > Authentication, go to Add platform > Web and enter the following link in the Redirect URIs field:
https://accounts.ostrean.com/sso-callback
Save the settings and activate the integration service.
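A pre-flight check for the values collected in the Microsoft Entra ID steps above, as an added example that is not part of Schrift's own documentation or code. It verifies that the Domain URI is an https OpenID Connect metadata URL, that the endpoints in the metadata document are https, and that the redirect URI registered in Azure is exactly the Schrift callback; the function name `check_sso_settings` and the sample tenant values are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Redirect URI from the setup steps; OIDC compares redirect URIs as exact strings.
SCHRIFT_REDIRECT_URI = "https://accounts.ostrean.com/sso-callback"
REQUIRED_ENDPOINTS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
WELL_KNOWN = "/.well-known/openid-configuration"

def check_sso_settings(metadata_url, metadata_json, registered_redirects):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    url = urlsplit(metadata_url)
    if url.scheme != "https" or not url.path.endswith(WELL_KNOWN):
        problems.append("Domain URI is not an https OpenID Connect metadata URL")
    try:
        doc = json.loads(metadata_json)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        return problems + ["metadata document is not a JSON object"]
    for key in REQUIRED_ENDPOINTS:
        value = doc.get(key)
        if not isinstance(value, str) or urlsplit(value).scheme != "https":
            problems.append(f"{key} is missing or not https")
    if SCHRIFT_REDIRECT_URI not in registered_redirects:
        problems.append("Schrift callback is not a registered redirect URI")
    for uri in registered_redirects:
        # A trailing slash or different letter case looks right but will not match.
        if uri != SCHRIFT_REDIRECT_URI and uri.rstrip("/").lower() == SCHRIFT_REDIRECT_URI:
            problems.append(f"near-miss redirect URI: {uri}")
    return problems

# Constructed sample values (placeholder tenant ID), not taken from a real tenant.
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = f"https://login.microsoftonline.com/{TENANT}"
SAMPLE_URL = f"{BASE}/v2.0{WELL_KNOWN}"
SAMPLE_DOC = json.dumps({
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
})

if __name__ == "__main__":
    print(check_sso_settings(SAMPLE_URL, SAMPLE_DOC, [SCHRIFT_REDIRECT_URI]))
    print(check_sso_settings(SAMPLE_URL, SAMPLE_DOC, [SCHRIFT_REDIRECT_URI + "/"]))
```

In practice, pass in the JSON downloaded from the “OpenID Connect metadata document” URL and the list shown in the Redirect URIs field before activating the integration.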
Authorization by SSO
To access a company where the corresponding SSO integration is activated, you need to specify the company ID or name (if a custom domain name is used in the company settings).
If the ID or company name is entered correctly, Schrift will automatically detect the SSO provider that is being used and direct the user to the authorisation form for this provider. If the user has already been authorised with this provider in the same browser, access to the company will be granted immediately.
When a user logs in for the first time to a company where they have been added as an employee, you do not need to email them an invitation. It is enough to specify their email in the employee's data.