IT teams must secure access across users, devices, and locations, without slowing anyone down. Microsoft Entra ID (formerly Azure AD) serves as the core identity layer for many enterprises, enabling single sign-on to Microsoft 365 and numerous SaaS apps. However, it only handles authentication on its own.
While the Entra admin portal can feel complex and overwhelming, especially for smaller teams, Scalefusion OneIdP simplifies setup and user management.
By integrating with Entra ID, Scalefusion adds the missing layer: context-aware access that considers device health, OS version, location, and usage patterns.
Before you start
Ensure that you have checked the following essentials:
- Admin access: You have admin access in both the Scalefusion Dashboard and the Microsoft Entra Admin Center.
- Verified domain: The custom domain must be verified in OneIdP.
- User management: Users from that domain should be added to Scalefusion and assigned to OneIdP.
- Device enrollment: Devices are enrolled and managed via Scalefusion.
How to set up SSO for Microsoft Entra with Scalefusion OneIdP?
Prefer a written guide? Our setup guide walks you through it all, clearly and simply.
To create the SSO configuration in Scalefusion
- Log in to Scalefusion, go to OneIdP > SSO Configuration, and click New SSO Configuration to open the setup window.
2. Select Entra: In the pop-up window, choose Entra and click Configure.
3. This opens the SSO Configuration wizard on the left panel. Fill in all the configuration tabs.
a. Application Basics: Define access rules by user, device, and condition.
b. SSO Scope Management:
- Set SAML and logout rules to allow all imported users or only assigned ones.
- Define deprovisioning to auto-end sessions on assignment, unassignment, or SSO removal.
c. Permissions: Grant Azure admin access so OneIDP can authenticate users and enforce SSO.
After granting permissions, you’ll return to the Scalefusion Dashboard with green checkmarks showing success.
d. Conditional Access: Control access by allowing only managed devices or OTP verification, restricting browsers by type and version, and exempting specific users by email from device checks.
e. User Messages: Customize what users see if access is blocked.
Once all details are added, click Next.
3. Your configuration appears as a named card on the SSO Configuration page.
What the user gets:
➡ User tries to access an app from their device.
➡ OneIdP checks device, browser, and access rules set in the SSO configuration.
➡ User enters Microsoft Entra credentials on the OneIdP login screen (no separate Entra UI).
➡ Microsoft Entra verifies the credentials and sends a secure token to OneIdP.
➡ OneIdP evaluates session rules, conditions, and exceptions before approving access.
➡ User gains seamless, secure access to all allowed apps with a single sign-on.
➡ OneIdP enforces session policies like automatic logout or re-authentication as needed.
Benefits of integrating Microsoft Entra ID with Scalefusion OneIdP
OneIdP enhances Microsoft Entra SSO by adding device-centric security that Entra alone lacks. It enforces real-time device compliance, blocking rooted, jailbroken, or unmanaged devices before granting access. This closes security gaps beyond standard identity checks. It enhances security by adding browser restrictions, ensuring access only from trusted, up-to-date browsers for a safer, more controlled login experience.
The centralized User Portal of Scalefusion OneIdP lets employees sign in once to access all Entra-integrated apps, reducing password fatigue and streamlining workflows. It extends conditional access by evaluating device OS, IP, location, MFA, and other real-time signals, dynamically grouping users for precise, context-aware policies.
By continuously verifying identity, device, browser, and context, OneIdP delivers a zero-trust, adaptive access model that strengthens security while improving user experience, making it a smart upgrade to Microsoft Entra SSO.
Want to bring context to your Entra identity Stack?
Sign up for a 14-day free trial now.
