Setting up Single Sign-On (SSO) with Microsoft Entra allows your team to access Productive using their existing Microsoft credentials. This improves security, simplifies user management, and reduces the need for multiple passwords.
Note: Before enabling SCIM for automatic user provisioning, you must first configure SSO in Microsoft Entra.
Follow the steps below to set up SSO and simplify authentication for your organization.
Step 1: Create a New Productive Application in Entra
Go to Enterprise Applications and click on New Application.
Search for Productive, click on the Productive tile, and then click Create.
Step 2: Check User Information for Automatic Provisioning
Ensure all your users have their first and last names set up.
Navigate to Users > All users and verify that each user has their first and last name assigned.
If not, click on the Edit button, go to the Identity tab, enter the user's first and last names, and click Save.
Step 3: Assign Users to the Application
To allow users to log in via Entra SSO, assign them to the newly created application.
Select your application, navigate to Users and Groups, and click on Add user/group.
Select all the users you want to allow to sign in via Entra SSO, click on Select, and then click on Assign to finalize the selection.
Step 4: Copy SSO Data from Productive to Entra
Navigate to Single sign-on and choose SAML as the single sign-on method.
Click the Edit button in the Basic SAML Configuration section.
Go to Productive Single Sign-On settings and copy the Audience URI value.
Return to Entra and paste the value into the Identifier (Entity ID) field. Delete any other entries and mark this one as default.
Go back to Productive settings and copy the Single sign-on URL.
Return to Entra, paste it into the Reply URL (Assertion Consumer Service URL), and click Save.
Step 5: Copy SSO Data from Entra to Productive
Under SAML Certificates, copy the App Federation Metadata URL.
Go to Productive SSO settings and paste it into the Metadata URL field.
Return to Entra and copy the Login URL.
Go to Productive SSO settings and paste it into the Identity Provider Single Sign-on URL.
Click on Enable SSO.
Step 6: Set Up Attributes for Provisioning in Entra
Click on Edit in the Attributes & Claims section.
Click on the required claim.
Click on Source Attribute and select "user.mail" from the dropdown. Click Save.
In the Additional Claims section:
Click on the item with the value "user.givenname". Set the Name as first_name, and remove the value from Namespace. Click Save.
Click on the item with the value "user.surname". Set the Name as last_name, and remove the value from Namespace. Click Save.
Step 7: Test SSO
Return to your Entra Productive application, click Single sign-on, and then click Test at the bottom.
Click on Test sign in.
Alternatively, go to the Productive login screen and click Use single sign-on (SSO) to test the setup.
Sync Users Between Microsoft Entra and Productive with SCIM
After setting up SSO, you can enable SCIM (System for Cross-domain Identity Management) to automatically sync user accounts between Microsoft Entra and Productive.
With SCIM, any changes made in Entra—such as adding, updating, or removing users—are automatically reflected in Productive, reducing manual work and ensuring only the right people have access.
To set up SCIM, follow the steps outlined in Automatically Sync Users Between Microsoft Entra and Productive with SCIM.