# Single Sign On (SSO)

If you would like SSO enabled for your organization's service desk, please contact TicketLog support.

Single Sign On with TicketLog is only available:

* With TicketLog Pro
* For service desks with a [custom domain](/documentation/administrators-guide/custom-domain.md)
* For Microsoft Entra ID as your identity provider (IdP)

## Set up SSO with Entra ID

To set up SSO on your Entra ID tenant, follow these steps:

1. Add a new App Registration to Entra
   * Name it "TicketLog SSO"
   * Single tenant
   * Redirect URI (Web): <https://ticketappb2c.b2clogin.com/ticketappb2c.onmicrosoft.com/oauth2/authresp>
   * Record the **Application (client) ID**
2. Create a Secret
   * Select **Certificates & secrets**, and then select **New client secret**.
   * Enter a **Description** for the secret, select an expiration, and then select **Add**.
   * Record the **Value** of the secret
3. Assign users
   * Either add users and groups to the application who you want to have access to TicketLog, or set 'Assignment Required' to No.
   * Note, this does not automatically create TicketLog accounts. Each account is created at the time of first sign in to TicketLog.
4. Set branding & properties (optional)
   * Set a logo and homepage for the application. This can be used in your Enterprise My Apps page (additional configuration is required).
5. Add token claims
   * Select **Token configuration**.
   * Select **Add optional claim**.
   * For the **Token type**, select **ID**.
   * Select the optional claims to add: `email`, `family_name` and `given_name`.
   * Select **Add**.
   * If **Turn on the Microsoft Graph profile permission (required for claims to appear in token)** appears, enable it, and then select **Add** again.
6. Pass details to TicketLog
   * Pass the following details to TicketLog:
     * **Application (client) ID** from above
     * Secret **Value** from above
     * Tenant **primary domain**
       * This is not the name of the tenant.
       * In Azure portal or Entra Admin portal, primary domain appears here:

         <figure><img src="/files/Gc18UR474dcZpHg9thDq" alt="" width="563"><figcaption></figcaption></figure>
       * If you don't have a primary domain, we can also accept your \*.onmicrosoft.com domain or your Tenant ID. However, a custom domain name is better as it provides a hint to the login process to improve the sign-up and sign-in process.

Please note:

* When adding users to Entra, ensure you also set the Email property. Doing so will simplify the user's signup experience.
* When users first sign in to TicketLog using SSO, they will be faced with a signup screen. They need to confirm their email address by sending a verification code.
* Please instruct users to follow the on-screen instructions, and ask that they do NOT alter the email address.
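
Before passing the details to TicketLog, the registration from steps 1, 2 and 5 can be checked offline. The following is an added example, not TicketLog's own tooling: it audits the JSON that `az ad app show --id <client-id>` returns (a Microsoft Graph application object). The 30-day expiry warning and the flagging of extra redirect URIs are assumptions of this example, and the sample data is constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Values from the setup steps on this page.
REDIRECT_URI = "https://ticketappb2c.b2clogin.com/ticketappb2c.onmicrosoft.com/oauth2/authresp"
REQUIRED_CLAIMS = {"email", "family_name", "given_name"}


def audit_app(app, now, warn_days=30):
    """Return findings for a Microsoft Graph application object (as a dict)."""
    findings = []
    # Step 1: single tenant, and only the redirect URI the page lists.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("app is not single tenant")
    uris = (app.get("web") or {}).get("redirectUris") or []
    if REDIRECT_URI not in uris:
        findings.append("TicketLog redirect URI is missing")
    for uri in uris:
        if uri != REDIRECT_URI:
            findings.append("unexpected redirect URI: " + uri)
    # Step 5: optional claims on the ID token.
    id_claims = (app.get("optionalClaims") or {}).get("idToken") or []
    missing = REQUIRED_CLAIMS - {c.get("name") for c in id_claims}
    if missing:
        findings.append("missing ID token claims: " + ", ".join(sorted(missing)))
    # Step 2: a client secret exists and is not expired or close to expiry.
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("no client secret")
    for s in secrets:
        # Graph returns UTC timestamps; fractional seconds are ignored here.
        end = datetime.strptime(s["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        if end <= now:
            findings.append("client secret expired")
        elif end - now < timedelta(days=warn_days):
            findings.append("client secret expires within %d days" % warn_days)
    return findings


# Constructed sample, shaped like `az ad app show --id <client-id>` output.
SAMPLE = json.loads("""{
  "signInAudience": "AzureADMyOrg",
  "web": {"redirectUris": ["https://ticketappb2c.b2clogin.com/ticketappb2c.onmicrosoft.com/oauth2/authresp"]},
  "optionalClaims": {"idToken": [{"name": "email"}, {"name": "given_name"}]},
  "passwordCredentials": [{"displayName": "TicketLog", "endDateTime": "2030-01-10T00:00:00Z"}]
}""")

if __name__ == "__main__":
    for finding in audit_app(SAMPLE, datetime.now(timezone.utc)):
        print(finding)
```

An empty result means the registration matches the steps above; an expired secret will break sign-in until a new **Value** is passed to TicketLog.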

