Voyado Engage supports federated login using Single Sign-On (SSO) via the customer’s own identity provider (IdP), such as Microsoft Entra ID.
This allows users to authenticate using their existing organizational credentials instead of having to create separate accounts for Engage.
Interested in giving this feature a try? Talk to your Account Manager.
Benefits of using SSO
- Centralized identity management: Authentication is handled by your internal IdP.
- Reduced need for password management: Users log in using their corporate credentials.
- Support for Multi-Factor Authentication (MFA): Engage follows the MFA settings defined in your IdP if an enterprise connection is used.
- Improved access control: Only assigned users in your IdP can log in to Engage.
- Reduce administrative work in multi-tenant setups: Seamlessly log in between your different Engage instances.
The Engage username is the identifier from the Engage side. By default, this is mapped to Name ID (If that claim exists in the customer's Entra setup). If the customer want to use another custom claim, this can be done also, but requires some extra manual mapping in the Engage back-office.
What you need to do
To enable Enterprise SSO, create two SAML app registrations in Microsoft Entra ID:
- One for Staging
- One for Production
You will need help from your Voyado Team, who will provide all required configuration values, including:
- Entity ID
- Reply URL (ACS)
- Sign-on URL
After creating the app registrations:
- Assign the appropriate users or groups to each app
- Ensure that the username in Engage matches the UPN or NameID claim sent from your IdP
- Share the Federation Metadata URL for both staging and production with Voyado