There are a few different ways you can initiate Single Sign On (SSO) with Entra depending on how the customer environment is set up. My1Login can give advice on which option will suit you best.

User initiated SSO

The user browses to their whitelabel (or has it set as their home page) and then clicks the OIDC login button on the page. This will redirect them to Microsoft as their IDP for authentication. The authentication will happen automatically if they have a PRT (Primary Resource Token) already in their browser or it will present them with the standard Microsoft login form to login as normal.

Query string and browser plugin Seamless SSO

The administrator sets the user’s home page to have a custom My1Login Entra query string appended to it and has the My1Login browser plugin installed on their users' PCs. The query string lets the My1Login browser plugin know what white label to open, and which OIDC button to push to initiate the IDP login to Microsoft.

Direct Login URL Seamless SSO

The administrator might want to set the My1Login vault as their users' homepage or open it in a second tab, or the user might want to have the vault as a bookmark that they can click on and login automatically. They can do this by using the Direct Login URL. This URL simulates what pressing the OIDC login button does and takes the user directly to their vault if they have a valid PRT.

The Direct Login URL is unique to every customer. It consists of two parts:

1. The accountProviderId which tells them which OIDC IDP tenant and button to use. The ID number is unique to each OIDC integration.
   
1. “https://acme.my1login.com/Business/Oidc/StartAuth?accountProviderId=1127”
   
2. The redirectURL which directs them to their white label:
   
1. ”&redirectUrl=https://acme.my1login.com”
   

Altogether it will look like this:

https://acme.my1login.com/Business/Oidc/StartAuth?accountProviderId=1127&redirectUrl=https://acme-live.my1login.com