SSO (Single Sign-On) allows users to securely access systems with a single set of login credentials across multiple applications and services. Instead of managing separate usernames and passwords for each system, SSO centralizes authentication and improves security.
Once SSO has been enabled, connections can be made with Okta or Microsoft Entra (Azure). The established connections can be viewed or disconnected from the Single Sign-On page.
Email Requirements for SSO
Before Single Sign-On (SSO) can be enabled, all existing users must have unique email addresses. During SSO enablement, users with duplicate email addresses are identified and listed for review.
After SSO is enabled, unique email addresses are enforced when creating or editing users.
Login with SSO
When connected, users have the option to log in with SSO or with their R365 instance credentials.

If an SSO provider is configured but the connection is not established, the SSO option is not displayed on the R365 login screen.
SSO Integrations
Okta
The Okta Single Sign-On (SSO) integration allows R365 to authenticate users through Okta. When connected, users sign in to R365 using their Okta credentials instead of a separate R365 username and password.

Microsoft Entra (Azure)
The Microsoft Entra (Azure) Single Sign-On integration allows R365 to authenticate users through Microsoft Entra (Azure). When connected, users sign in to R365 using their Microsoft Entra credentials instead of a separate R365 username and password.

SSO Setup
Enable SSO
Single Sign-On (SSO) must be enabled before a connection with an SSO provider can be configured. Single Sign-On is enabled from the Single Sign-On page.
Before Single Sign-On (SSO) can be enabled, all R365 users must have unique email addresses. If duplicate email addresses are found, the users are listed for review and resolution.

R365 Welcome Emails
The welcome email delivery setting on the Single Sign-On page determines how initial login emails are handled for new users. By default, initial login emails are sent to all new users. This setting allows email delivery to be adjusted to align with Single Sign-On authentication workflows.
Suppressing welcome emails without configuring Single Sign-On (SSO) prevents newly created users from receiving login credentials or access instructions.

For instances managed by one or more brands, this setting may be controlled by the brand and displayed as read-only.
When brand enforcement is applied:
An additional welcome email delivery section appears for each enforcing brand.
Brand settings are read-only and reflect the value set at the corporate level.
If multiple brand-level welcome email settings apply to a user, the system uses the setting that allows the greatest level of email delivery.
The Other users setting applies to users who are not associated with a location linked to a brand that enforces welcome email delivery.
SSO Pages and Screens
Single Sign-On Page
The Single Sign-On (SSO) page displays available third-party SSO provider connections and their connection statuses. This page is where supported SSO provider integrations are managed.
Before SSO is enabled, the page displays the option to enable SSO.
From this page, users can:
Manage SSO connections for:

SSO Connection Screen
The SSO Connection screen contains the single sign-on integration settings for a third-party SSO provider. This screen has a consistent layout across supported providers, including Okta and Microsoft Entra (Azure), with provider-specific fields where applicable.
From this screen, users can:
View and configure the SSO provider connection

