Enterprise SSO Integration

EON Platform · SSO

Enterprise SSO with Microsoft Entra ID

The EON Platform supports enterprise Single Sign-On (SSO) using Microsoft Entra ID (Azure AD). This allows your workforce users to authenticate with your existing enterprise credentials, while authorization (roles, orgs, permissions) is managed within the EON Admin Console.

Note: Custom integrations (such as additional identity providers or identity governance platforms) can be explored as a custom development initiative in partnership with your security and IAM teams.

How SSO Works

  • Authentication is handled by your enterprise Entra ID tenant.
  • The EON Platform trusts the authenticated identity via OpenID Connect / OAuth 2.0.
  • Authorization (roles, org membership, feature access) is managed inside the EON Admin Console.
  • EON processes only required OIDC claims (name, email, tenant ID) and does not modify your directory.

Just-in-Time (JIT) Provisioning

When a new user authenticates for the first time:

  • EON automatically creates their user record.
  • The user logs in without an assigned org.
  • Your EON administrator assigns the user to an org via the Admin UI or API.

Integration Steps

1. Request SSO Integration

  • Your Azure Entra tenant ID
  • Environment (Testing, Staging, Production)

EON will provide:

  • The EON Client ID for your region and environment
  • The Admin Consent URL

2. Grant Admin Consent

The Global Administrator must approve the EON enterprise app using the provided URL. Example:

https://login.microsoftonline.com/common/adminconsent
  ?client_id=d445bf1c-f956-43bd-8568-a2c4cdd31343
  &redirect_uri=https://app.testing.eon.xyz
  &state=testing

3. Assign Users or Groups

In Microsoft Entra ID:

  • Navigate to: Enterprise Applications → EON Platform
  • Under Properties, set Assignment Required? → Yes
  • Assign individual users or security groups

After assignment, users can authenticate using the EON login page for your region and environment.

4. User Login

  • Users logs into the correct region and environment
  • Example: https://app.testing.eon.xyz
  • EON maps users by email address
  • Roles and org assignments are configured in EON Admin Console

Support

  • Verify the user granting consent is a Global Administrator
  • Confirm user/group assignments
  • Email: support@eon.xyz
  • Portal: https://docs.eon.xyz