CATEGORY: Settings

Enabling SSO with Microsoft 365: Administrator Guide

This guide is intended for your IT support team to enable authorised e-shot users to sign in to e-shot by using their Microsoft 365 credentials. This means that you will use Single Sign-on (SSO) to log in to e-shot. 

Advantages: 

• Users’ access is managed by your organisation, if someone leaves, they will no longer be able to log in to e-shot. 

• Your IT team are in charge of the authentication requirement to Microsoft 365. 

• Using Single Sign-on means that users do not require to remember another username and password. As long as they can authenticate with Microsoft, they will be able to access e-shot. 

 

Important: 

• Although the authentication is enabled by Single Sign-on, all e-shot users must be set up in the e-shot user management system to set up their specific role and permissions in e-shot account. 

Conditions: 

• Your organisation uses Microsoft 365, and all users have credentials to sign in to their Microsoft 365 products. 

• Your organisation is blocking third party applications by default when using a Microsoft 365 sign in (you may need to confirm with your IT). 

• The Microsoft Administrator does not require e-shot user credentials to set this up. 

What do you need to do:

Your Microsoft 365 Administrator needs to authorise and give administrative consent to allow e-shot to authenticate your users with their Microsoft 365 credentials. 

 

Please follow these steps:

1.   Go to the e-shot login page and click ‘Sign in with Microsoft’.

2.   Sign in with your Microsoft 365 Administrator credentials

3.   You will be presented with the Permissions requested screen, check the Consent on behalf of your organisation checkbox and click accept. 

This will allow other users to now sign in with their Microsoft 365 credentials, provided these users are set up in the e-shot account first. The e-shot account administrator will manage this. 

4.   You will see the message email unrecognised (this is ok because the Microsoft administrator does not need to be an e-shot user). 

5.   Ask the e-shot administrator to test that they can now sign in to e-shot using their Microsoft login. 

Disclaimer: 

• The recommendation in this guide may change from time to time based on Microsoft functionality changes. 

• Our technical team can offer help, but they will NOT be able to set it up for you as they do not have the required authority in your organisation. 

Restrict access using Microsoft credentials (Single Sign-On) 

Once the above steps have been completed by your IT team (Microsoft 365 Administrator). The e-shot administrator can login and enforce Single Sign-on for all users. 

 To do so head to Settings > Account settings > Security. Here you will find a toggle labelled Restrict access using your Microsoft credentials (Single Sign-On).  

 This can be seen below. To enforce this for all users, simply flick this switch from off to on. Doing so will mean all users need to use Single Sign-on to sign in to e-shot. 

Account admins of the e-shot account will find an audit of the actions performed with SSO on the same security tab as well as in the audit once it has been enabled.

Single Sign-on can be managed on an individual contact level if this option is not enabled, however we advice that Single Sign-on or MFA is enforced to all users use.