Setting up the Enta-ID

To manage your employees’ access to deskONE, you have the option of activating single sign-on (SSO) with Microsoft Entra ID. This allows your employees to log in conveniently with their Microsoft accounts.

Your Benefits

Increased Security

Reduce the number of login credentials in your company and enforce your security policies such as multi-factor authentication.

Increased Comfort

Using SSO, it is no longer necessary to invite new employees to deskONE. Once configured, all your employees can use deskONE immediately. You can restrict this if required. Read about it in the “Access Restriction” section.

Using SSO, your employees have a better user experience as there is no need to enter an additional password.

Setup

1. For setting up SSO via Entra ID, navigate to the corresponding settings page in deskONE (You have to be logged in with the “owner” role to access it).
2. Click on “Add Entra ID Tenant”: You will be redirected to Microsoft and have to log in with an administrative account.
   • Use an account that is privileged to grant tenant-wide admin consent to an application. You can review the required roles in the Microsoft documentation.
3. You will now be taken to the consent prompt. This view lists the permissions that are required to use deskONE with SSO in your company. Check the requested permissions and confirm them to continue.
4. After accepting, you will be automatically redirected to deskONE. The last step is to confirm the Tenant ID. To be safe, please compare the transferred ID with your Tenant ID, which you can view in the Microsoft Entra Admin Center.
5. Ready! Your employees can now use deskONE with SSO.

Good to know

Assigned Priviliges

The first time your employees log in to deskONE via SSO, they start with the “user” role. This means that they receive the minimum set of permissions to be able to use deskONE immediately. You can assign a different role to users after their first login or send them an invitation containing a privileged role before their first login.

Already existing users

Do your employees already use deskONE via e-mail address and password? No problem, you can easily switch over at a later date. Simply set up SSO for your company as described above. Users who already have accounts in deskONE are guided through a process that links their accounts when they log in with SSO for the first time. This means that employees retain their data, such as their bookings, personal settings or their role.

Management of your enterprise application „deskONE SSO“

By agreeing to the use of SSO and the associated permissions, a new enterprise application with the name “deskONE SSO” is created in your Entra ID tenant. You can view it in the Microsoft Entra Admin Center. Use it to make additional configurations or view permissions and sign-in logs if required.

Access Restriction

Using the default configuration, every employee in your company is allowed to log in to deskONE via SSO as soon as you have made the configuration.

If this setup does not meet your requirements, you can easily restrict the access:

1. Login in to the Microsoft Entra Admin Center and select the enterprise application “deskONE SSO”
2. Enable the option „Assignment required“
3. Then assign individual users or groups to the application so that only they have access to deskONE via SSO

Deleting an SSO connection

You can delete the SSO connection to an Entra ID tenant at any time.

The prerequisite for this is that you no longer have any users in deskONE who use SSO in the respective tenant. Therefore, first delete all users in the user management that are assigned to the tenant which will be deleted. The deletion of these users cannot be undone.

Deleting an SSO connection in deskONE does not delete the enterprise application “deskONE SSO” in Entra ID and the assigned permissions remain in place. To completely remove the trust relationship between deskONE and your Entra ID tenant, revoke the permissions and remove the application in the Microsoft Entra Admin Center.