Enhance user authentication in Coefficient by integrating with SSO providers like Microsoft Entra, allowing IT teams to efficiently manage user access across the organization. This integration requires all users to log in via your Entra SSO provider before accessing Coefficient, ensuring enhanced security and streamlined user management.
*This feature is for Enterprise Plans Only*
Setting up Entra for Coefficient
Setting up Entra for Coefficient
ℹ️ NOTE: To use this feature, your Entra Admin/Coefficient Admin must first set this up for your domain. If you are unsure who your Entra Admin is, please contact your IT team for assistance.
Entra configuration
1. Go to the Microsoft Entra admin center (https://entra.microsoft.com).
2. From the left-hand navigation menu, select "App registrations", then click "New registration".
3. In the "Register an application" page, fill out the Name, Supported account types, and Redirect URI settings.
ℹ️ NOTE: Select Single tenant as the recommended account type. Only choose a multi-tenant option if users from multiple Microsoft Entra tenants need to authenticate. Then, select Web as the Redirect URI platform and enter the following Redirect URI: https://app.coefficient.io/api/oidc/login_callback.
4. Once the registration is successful, details about the created app will appear.
ℹ️ NOTE: Copy the "Application (client) ID" and "Directory (tenant) ID". You will need both values later during the Coefficient configuration process.
5. On the same page, choose "Certificates & secrets" from the menu bar on the left. Click the "+ New client secret" option in the "Client secrets" tab.
6. The "Add a client secret" window will appear. Enter a description to identify what the secret will be used for, select an expiration period, and click "Add".
ℹ️ NOTE: The maximum expiration period is 730 days (24 months), which is the recommended setting.
‼️PRO TIP: Create a calendar reminder to rotate the client secret before it expires to avoid authentication interruptions.
7. Copy the "Value". This is your Client Secret and will be required when configuring Entra SSO in Coefficient.
ℹ️ NOTE: This is only shown once. After you leave or refresh the page, it will be permanently hidden, and you’ll need to generate a new client secret. Make sure you copy the Value, not the Secret ID. The Secret ID is a separate identifier and cannot be used as the client secret.
8. The last thing you need is the "Issuer URL". This identifies your OpenID Connect (OIDC) identity provider. In Microsoft Entra, this URL is tenant-specific and is generated by adding the "Directory (tenant) ID" to this URL: https://login.microsoftonline.com/{tenant-id}/v2.0
Replace {tenant-id} with the Directory (tenant) ID that you obtained in step 4.
Example: https://login.microsoftonline.com/d049245b-148a-45b3-aeef-af55b1126f83/v2.0
Coefficient Configuration
|
1. Open the Coefficient Sidebar and click the Menu icon. |
2. Select "Admin". |
3. The "Admin" page will open in a new tab. Go to "Settings", and click "Configure" next to the "SSO authentication" option.
4. Select "Microsoft Entra" for the SSO Authentication Provider. Enter the Issuer URL, Client ID, and Client Secret that you obtained from the Entra Configuration steps, then click Save.
5. Next, you will be prompted to enable SSO. Please click "Yes, enable".
6. Keep the current window open and ensure you see the message confirming that Microsoft Entra SSO has been successfully saved and configured for your domain.
7. To verify the setup, open a new incognito browser window and go to the Coefficient Workspace (https://app.coefficient.io). Choose the "Sign in with Microsoft" option.
8. You should see the page below prompting you to sign in with Entra. Click the "Sign in with Entra" button and complete the authentication process.
If the login is successful, it means your Coefficient and Microsoft Entra integration has been configured correctly. Congratulations 🎉
FAQs for SSO with Entra
How can I access this feature?
This feature is currently supported for users on the Enterprise plan with Coefficient. Please have your Coefficient Admin reach out to support for assistance. (support@coefficient.io).