🔐 Setting up Single Sign-On with Microsoft Entra ID

Centralized login for E-Coach using your Microsoft business account

Single Sign-On (SSO) uses a central identity provider to log into various applications. This eliminates the need for separate credentials for different programs.

E-Coach supports Single Sign-On via Microsoft Entra ID (formerly Azure Active Directory). This allows users to log into E-Coach using their Microsoft business account. Requirement: The Microsoft email address must be stored as the login address in E-Coach.

Overview of Required Steps

1E-Coach must be registered as an application in your Microsoft Entra ID

2SSO must be activated within E-Coach

Register App in Entra ID

1. Navigate to the Entra ID Portal

Open https://entra.microsoft.com and select the following in the left-hand menu:

→ Entra ID section

→ App registrations

→ New registration button

App registration in Entra ID

2. Configure App Registration

• Name: Use, for example, "E-Coach" (the name is for identification and can be freely chosen)

• Supported account types: Select Single Tenant

• Redirect URI:

→ Type: Web

→ URL: https://api.ecoach.cloud/api/sso/entra-id/callback

⚠️ Important: Ensure there are no spaces before or after the URL!

Click Register to finish.

App registration configuration

3. Note Important IDs

From the overview page, you need the following values. Copy these for later use:

✓ Application (client) ID

✓ Directory (tenant) ID

Application and Directory IDs

4. Create Client Secret

For E-Coach to use the app registration, a Client Secret is required:

• Navigate to Certificates & secrets

• Click on New client secret

• Assign a name, e.g., "E-Coach SSO"

• Select an expiration period

⏰ Warning: Before the expiration date, you must create a new secret and update it in E-Coach!

After creation, two important values are displayed:

✓ Secret ID

✓ Secret Value

🚨 Critical: The Secret Value is only displayed once and will not be visible again. Copy both values immediately!

Create Client Secret

✅ Registration Complete

You should now have the following four values available:

1. Tenant ID

2. Client ID

3. Secret ID

4. Secret Value

Activate SSO in E-Coach

After registering the app in Entra ID, the configuration must be updated in E-Coach to use SSO. This is done via the REST API.

API Call for SSO Activation

curl -X POST "https://api.ecoach.cloud/api/sso/entra-id/config" \
  -H "Authorization: Bearer your-secret-auth-token-here" \
  -H "Content-Type: application/json" \
  -d '{
    "tenantId": "07e1****-****-****-****-********823e",
    "clientId": "1872****-****-****-****-********c53e",
    "secretId": "dab2****-****-****-****-********9a71",
    "secretValue": "Tzq******************"
  }'

Parameter Mapping

• tenantId: Your Directory (Tenant) ID

• clientId: Your Application (Client) ID

• secretId: Your Secret ID

• secretValue: Your Secret Value

ℹ️ Note: You must authenticate yourself before using the REST API. Replace your-secret-auth-token-here with your actual authentication token.

Further Information

📚 REST API Authentication

Learn how to authenticate for API requests

🔐 Security Guidelines

Best practices for secure SSO configuration

💬 Need Support?

Our support team is happy to help you set up Single Sign-On. Contact us via your support portal.

Related to