Documentation Index

Fetch the complete documentation index at: https://help.goveagle.com/llms.txt

Use this file to discover all available pages before exploring further.

Setting up Single Sign-On (SSO)

  • Updated on Jun 6, 2026
  • Published on Feb 11, 2026
  • 1 minute(s) read
Prev Next

Single Sign-On (SSO) lets your organization sign in to GovEagle with your existing Microsoft Entra ID (formerly Azure Active Directory) accounts. Users use one set of credentials; no separate GovEagle password is required for SSO users.

Prerequisites

  • Microsoft Entra ID admin access

  • GovEagle admin access and the ability to access the Single Sign-On tab in settings

Setup

The steps below will guide you through creating a new Microsoft Entra ID app registration and adding the corresponding SSO provider details to GovEagle.

Register a new app registration in Microsoft Entra ID

  1. Go to Azure Portal > App registrations > New registration to create a new app and give it a name (eg. “GovEagle SSO”)

  2. Under Redirect URI, select Web and enter the value https://goveagle.okta.com/oauth2/v1/authorize/callback

  3. From  Authentication > Implicit grant and hybrid flows, check both Access tokens and ID tokens

  4. From API permissions > Add a permission > Microsoft Graph > Delegated permissions, add and save these permissions:

    1. All OpenID permissions (email, offline_access, openid, profile)

    2. User.Read

  1. From API permissions page, select Grant admin consent

Create a new SSO Provider in GovEagle

Make sure to have browser windows open to both your Microsoft Entra ID app registration and GovEagle’s Add SSO Provider form (Settings > Single Sign-On > Add Provider) so that you can copy values from Microsoft Entra ID into GovEagle.

  1. From Microsoft Entra ID app registration Overview page, copy the Application (client) ID value and enter it into GovEagle’s Client ID field.

  1. Also from the Microsoft Entra ID Overview page, copy Directory (tenant) ID value and enter it into GovEagle’s Tenant ID field.

  1. Create a new client secret in Microsoft Entra ID from Certificates & secrets > New client secret. Copy the secret value and enter it into GovEagle’s Client Secret Value field.

  1. From Endpoints in the app overview, copy the OpenID Connect metadata document URL, and enter it into GovEagle’s OpenID Connect Metadata URL

  1. In GovEagle’s Add SSO Provider form, select which email domains are associated with this SSO provider.

  2. Select Add Provider to save.

After following the steps above, users in your Microsoft Entra ID tenant can sign in to GovEagle via SSO. Your Microsoft Entra ID configuration controls which users can use this app.

Related articles