To use single sign-on (SSO) through Azure Active Directory (Azure AD) for an Eyelit application, complete the following steps:
- Make a request to Eyelit to register for SSO.
- Log in and accept the invitation.
- Configure user accounts in Eyelit UI to have the correct identifier.
Register for SSO
Registration needs to be done only once, and again if you change your Azure tenant. You will need the following:
- A request to support@eyelit.com to register for SSO. Include your tenant ID in the request.
- A person who has permission on your Microsoft Azure Portal to accept the 'Admin Consent' for app registration (Enterprise Application).
Get your Tenant ID
- Navigate to your Microsoft Azure portal and click on Microsoft Entra ID.
- In the Basic information section, the Tenant ID field contains the ID that you need to copy and send to Eyelit.
Eyelit will register an app for each of your environments:
- Production: E.g., APPREG-SSO-CUSTOMERNICKNAME
- Test: E.g., APPREG-SSO-CUSTOMERNICKNAME-TEST
- UAT: E.g., APPREG-SSO-CUSTOMERNICKNAME-UAT
Accept Invitation from Eyelit
The first time you log in with SSO, an Admin Consent confirmation will pop up. Follow the instructions to accept the invitation. This needs to be repeated for each app (i.e., each environment) that Eyelit has registered for your company.
View App Information
Once you have accepted the invitations (one for each app), your apps will be registered. Should you want to see details related to your apps, follow these steps:
- Open your Azure portal and navigate to the Enterprise applications page.
- Click on All applications in the left-hand navigation and search for the app.
- Select the app to display its overview page. For example, APPREG-SSO-CUSTOMERNICKNAME-UAT / Overview. Use the left-hand navigation to access information about the application, such as what data is shared with Eyelit.
If you have any questions, contact Eyelit support.
Verify your Settings in Eyelit
You can verify your SSO settings as follows:
- In the Eyelit UI, navigate to the Application Properties page and search for "sso".
- The SSO_TENANTLIST row that is displayed has a Value column that contains your tenant IDs, separated by semicolons (;). You should see the one you sent to Eyelit. Note that more than one tenant ID could be displayed here. For example, Eyelit may have a tenant ID that can be used for support activities.
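The check above can be scripted once the Value column has been copied out of the Application Properties page. The following is an added example, not Eyelit code: the function name, the report keys and all tenant IDs are constructed for illustration, and it assumes that letter case and surrounding whitespace in an entry are not significant.

```python
import re

# Microsoft Entra tenant IDs are GUIDs in 8-4-4-4-12 hexadecimal form.
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")

def audit_tenant_list(value, own_tenant, approved_others=()):
    """Classify every entry of a semicolon-separated SSO_TENANTLIST value.

    own_tenant is the tenant ID you sent to Eyelit; approved_others are
    additional tenant IDs you have confirmed with Eyelit (for example a
    support tenant). Anything else is reported for follow-up.
    """
    own = own_tenant.strip().lower()
    approved = {t.strip().lower() for t in approved_others}
    report = {"own_present": False, "approved": [], "unexpected": [],
              "malformed": [], "duplicates": []}
    seen = set()
    for raw in value.split(";"):
        entry = raw.strip().lower()  # assumption: case/whitespace insignificant
        if not entry:
            continue  # tolerate a trailing or doubled separator
        if not GUID_RE.match(entry):
            report["malformed"].append(raw.strip())
        elif entry in seen:
            report["duplicates"].append(entry)
        elif entry == own:
            report["own_present"] = True
        elif entry in approved:
            report["approved"].append(entry)
        else:
            report["unexpected"].append(entry)
        seen.add(entry)
    return report

# Constructed sample data; none of these are real tenant IDs.
OWN_TENANT = "11111111-2222-3333-4444-555555555555"
APPROVED_OTHERS = ["aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"]
SAMPLE_VALUE = ("11111111-2222-3333-4444-555555555555; "
                "AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE;"
                "99999999-8888-7777-6666-555555555555;not-a-guid;"
                "11111111-2222-3333-4444-555555555555;")

if __name__ == "__main__":
    for key, val in audit_tenant_list(SAMPLE_VALUE, OWN_TENANT, APPROVED_OTHERS).items():
        print(f"{key}: {val}")
```

Entries reported as unexpected or malformed are the ones to raise with Eyelit support.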
Create a user in Eyelit MES UI with SSO
The way that SSO is managed differs between newer and older versions of the Eyelit MES software. You will need the appropriate permissions to create a user in Eyelit MES.
Versions 8.6.0 and later
The Principal Name field in Eyelit MES maps to the User principal identifier in Azure AD. When this field is filled in, it automatically federates the account with Azure AD.
To create a user in Eyelit MES, follow the instructions in the Users documentation.
Versions 8.5 and older
Older versions of the software required one email address which was used to federate the account with Azure AD. The Principal Name field does not exist in versions 8.5 and older.
Note that this will result in emails never reaching a user whose email address differs from the User principal identifier in Azure AD. For example, a password reset email would never reach the user.
To create a user in Eyelit MES, follow the instructions in the Users documentation.