Skip to main content
All CollectionsPrivacy, Security & LegalSecurityAuthentification
Enable SSO authentication with Microsoft Entra
Enable SSO authentication with Microsoft Entra

Setting up SSO on your workspace using Microsoft Entra as a provider

Updated this week

This page describes the steps to follow to enable authentication of your workspace's users with Microsoft Entra.

SSO is only available to customers who subscribed to a "One" plan.

Initial information for Wisepops

Before connecting Microsoft Entra, we first need to set up a few things. Send a message to Wisepops' support with the following details:

  • Allowed email domains: Provide us a list of email domains that are allowed to log in using SSO. Email addresses that do not match are denied access. For example, if the user's email addresses have this format: username@example.com, the domain example.com should be allowed. We only accept enterprise domains, not generic domains like gmail.com.

  • Just In Time: With this feature, users using SSO are created on Wisepops if they don't already exist, without needing to be invited. They're created with the "Editor" role, with access to all the websites of the workspace. You can choose to disable this feature, so that new users must be invited to Wisepops before they can log in with SSO.

Once the SSO connection has been set up on Wisepops, we will provide you with the following information:

  • An initiate URI

  • A redirect URI

You will need these URIs to configure Wisepops SSO in Microsoft Entra.

Set up the Wisepops App in Microsoft Entra

Now that you have an initiate URI and redirect URI for Wisepops, let's create an authentication application in your Microsoft Entra account. You must be an administrator of your Microsoft organization with access to the Entra Admin to perform this action.

Visit the Microsoft Entra admin center.

Go to Identity > Applications > App registrations, then click New registration.

  • Set the Name to Wisepops.

  • In Supported account types, ensure that Accounts in this organizational directory only is checked.

  • In Redirect URI, select Web, and paste the redirect URI provided by Wisepops in the field (the URI containing /callback/).

  • Click Register.

In the app's page, go to API permissions, and click the Microsoft Graph permission group.

Make sure "email" is checked, then confirm by clicking Update permissions.

In Branding & properties, fill the Home page URL with the initiate URI provided by Wisepops (containing /initiate/).

Click Save.

Final information for Wisepops

Now that your Microsoft Entra app for Wisepops is ready, let's connect the dots by providing the new Microsoft app details to the Wisepops support.

Creating a secret

In Certificates & secrets > Client Secrets, click New client secret.

  • Set the Description to "Wisepops SSO Secret".

  • Set the longest expiration delay available.

  • Click Add.

Copy the secret you just created.

Retrieving the Client ID and OpenID connect metadata document

In Overview

Copy the value for Application (client) ID.

In Overview > Endpoints

Copy the OpenID Connect metadata document.

Finalizing the SSO setup

Send us a message with the following information:

  • The Application (Client) ID

  • The OpenID Connect metadata document URI

  • The Secret value

The Wisepops support will come back to you once the SSO is enabled for your Wisepops workspace.

Once you have confirmed that the SSO works well, and you can log into Wisepops with it, you can ask us to require SSO for all users of your workspace. This option enforces login with SSO, and disable all other authentication methods (such as Google Sign-in and magic link email).

We recommend that you only activate this option once we are sure that SSO is correctly configured, to avoid being locked out of your Wisepops account.

Related Articles
Enable SSO authentication with Okta
Did this answer your question?