Configuring App Reg for SSO with Entra ID

Note: Before beginning the steps below, please ensure your users have been uploaded to the MyCompliance platform as User Type: SCIM or User Type: Federated, as Email-based users cannot avail of SSO.

 

Configuring SSO for MyCompliance with Entra ID

1. New Application Registration

2. Retrieve Application ID & Directory ID

For the SSO configuration, we will require the Application ID and the Directory ID of the app. 

  • Navigate to: Entra ID > App Registrations > MyCompliance Cloud > Overview
  • Please send these IDs to your MetaCompliance Customer Support representative.

 

3. Update the Home Page URL

Update the application's home page URL, replacing cloud with your own domain name. Your MetaCompliance support rep will provide this.

Example: https://cloud.metacompliance.com/Account/SignIn?domain_hint=mydomainname

4. Verify Claims in App Registration

  • Navigate to: Entra ID > App Registrations > MyCompliance Cloud.
  • Ensure that the following claims are added for the app:
    • Add Optional Claims +
      • Select: ID, then tick: email and upn
      • Click Add. When prompted, tick the 'Turn on the Microsoft Graph' permissions checkbox.

5. Ensure Consent is Granted within the App Registration

  • Navigate to: App Registrations > MyCompliance Cloud > Manage > API Permissions
  • Ensure the following API permissions are granted by selecting: 'Grant Admin Consent'

Note: If you cannot see 'User.Read' in the permissions list, click '+ Add a permission', select Microsoft Graph, choose User > User.Read, and then grant Admin Consent again. This is required for SSO.

6. Implicit Grant - Enable ID Tokens in AAD

For SSO operations to complete successfully, the MyCompliance application requires ID Tokens to be enabled on the application within Entra ID. Implicit grant allows an application to request a token directly from the authorisation endpoint.

To enable Implicit grant, follow the steps below:

  • Navigate to: Entra ID > App registrations > MyCompliance Cloud > Authentication.
  • Under Advanced settings, enable the ID tokens by selecting the checkbox.

7. Add the MyCompliance Application to MyApps (Optional)

  • From the Azure portal, select Entra ID > Enterprise Applications > select the MyCompliance application.
  • Select Users and Groups.
  • Add the user(s) or groups who should see the app in MyApps.

8. Grant Consent in the Enterprise Application

Ensure an Entra ID Global Admin has granted permission for users to access the app.

  • Navigate to: Enterprise Applications > MyCompliance Cloud > Security > Permissions
  • Ensure the following option is selected: 'Grant admin consent'

 

9. Configure Custom Domains

From the Azure portal, select Entra ID > Custom Domain Names > Name.

Provide your verified domain names to your MetaCompliance Support rep so that they can be added for SSO redirection to your MyCompliance tenant. 
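
The settings from steps 3 to 6 can also be checked outside the portal. The script below is an added example, not MetaCompliance tooling: it audits the app registration JSON as returned by `az ad app show --id <Application ID>`, assuming the Microsoft Graph application property names; the sample input is constructed.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource
USER_READ_SCOPE_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # delegated User.Read


def audit_app_registration(app):
    """Return a list of findings; an empty list means steps 3-6 look complete."""
    findings = []
    web = app.get("web") or {}
    # Step 3: the home page URL must carry the tenant's domain_hint.
    if "domain_hint=" not in (web.get("homePageUrl") or ""):
        findings.append("step 3: homePageUrl has no domain_hint parameter")
    # Step 4: optional ID token claims email and upn.
    id_claims = {c.get("name") for c in (app.get("optionalClaims") or {}).get("idToken") or []}
    for claim in ("email", "upn"):
        if claim not in id_claims:
            findings.append(f"step 4: optional ID token claim '{claim}' missing")
    # Step 5: delegated Microsoft Graph User.Read must be requested.
    scopes = {
        (ra.get("id"), ra.get("type"))
        for res in app.get("requiredResourceAccess") or []
        if res.get("resourceAppId") == GRAPH_APP_ID
        for ra in res.get("resourceAccess") or []
    }
    if (USER_READ_SCOPE_ID, "Scope") not in scopes:
        findings.append("step 5: Microsoft Graph User.Read is not requested")
    # Step 6: ID tokens enabled under implicit grant.
    implicit = web.get("implicitGrantSettings") or {}
    if not implicit.get("enableIdTokenIssuance"):
        findings.append("step 6: ID token issuance is disabled")
    if implicit.get("enableAccessTokenIssuance"):
        findings.append("note: access token issuance is on; this guide only asks for ID tokens")
    return findings


# Constructed sample (not a real tenant): upn claim missing, ID tokens off.
SAMPLE = json.loads("""{
  "web": {"homePageUrl": "https://cloud.metacompliance.com/Account/SignIn?domain_hint=mydomainname",
          "implicitGrantSettings": {"enableIdTokenIssuance": false, "enableAccessTokenIssuance": false}},
  "optionalClaims": {"idToken": [{"name": "email"}]},
  "requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000000",
      "resourceAccess": [{"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"}]}]
}""")

if __name__ == "__main__":
    for finding in audit_app_registration(SAMPLE):
        print(finding)
```

The registration only records that User.Read is requested; whether admin consent was actually granted (steps 5 and 8) still has to be confirmed in the portal.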
