How do I know if SSO is working correctly?

After setup, log out of TrainMeUK and click 'Sign in with Microsoft'. You should be redirected to Microsoft's login page, then automatically logged into TrainMeUK without entering additional credentials.

Can I set up SSO for external users or guests?

SSO works for users in your Microsoft 365 organization. External users or guests would need separate accounts or you'd need to configure B2B collaboration in Azure AD for external access.

What if my client secret expires?

Client secrets have expiration dates. You'll need to create a new secret in Microsoft Entra ID and update the Client Secret in TrainMeUK settings before the old one expires to avoid SSO failures.

Connect TrainMeUK to Microsoft 365 (Single Sign-On) - TrainMeUK LMS Resources

What You'll Achieve

✅ Staff will log into TrainMeUK using their Microsoft 365 work account
✅ No extra passwords to remember or manage

👤 Who Should Do This

A Microsoft 365 administrator with Global Admin or Application Admin rights.

🔄 Step-by-Step Setup

1. In TrainMeUK

Go to: https://app.trainmeuk.co.uk/admin/settings → SSO & Provisioning
Copy the Redirect URI shown on screen (keep this page open — you'll paste it into Microsoft Entra ID later)

2. In Microsoft Entra ID

Go to entra.microsoft.com → App registrations → New registration
Enter:
- Name: TrainMeUK SSO
- Supported account types: Accounts in this organisational directory only (Single tenant)
- Redirect URI: paste the Redirect URI you copied from TrainMeUK
Click Register

3. Collect Details from Microsoft

From the app you just created in App registrations:

Copy the Application (client) ID → this will be your Client ID in TrainMeUK
Copy the Directory (tenant) ID → this will be your Tenant ID in TrainMeUK
Go to Certificates & secrets → New client secret → copy the secret value (you'll only see it once)

4. Turn On Sign-In Tokens

In Authentication, tick ID tokens
Click Save

5. Back in TrainMeUK

Paste the values you collected:
- Tenant ID → from Directory (tenant) ID
- Client ID → from Application (client) ID
- Client Secret → the secret value you created
Click Enable SSO → Save ✅

🧪 Test It

Log out of TrainMeUK
Click Sign in with Microsoft
Use a normal staff account → you should go straight in ✅

💡 Troubleshooting

"Needs admin approval"

A Microsoft admin must log in once to approve the connection.

Redirect error

Check the Redirect URI in TrainMeUK and Microsoft Entra ID match exactly.

Why Single Sign-On Matters

Single Sign-On (SSO) eliminates password fatigue and security risks while providing a seamless user experience. With Microsoft 365 integration, your staff can access their compliance training using the same credentials they use for email, Teams, and other Microsoft services. According to Microsoft and Forrester research, SSO reduces IT support tickets by 70% and improves user productivity by eliminating password management overhead.

Enhanced Security

Centralized authentication reduces password-related security risks and makes access management easier.

Better User Experience

Staff can access training without remembering additional passwords or going through complex login processes.

Reduced IT Support

Fewer password reset requests and login issues mean less burden on your IT support team.

Compliance Benefits

Centralized access control makes it easier to ensure all staff have appropriate training access.

Common SSO Configuration Issues

Frequent Setup Challenges

Redirect URI Mismatch

Ensure the Redirect URI in both systems matches exactly, including https:// and any trailing slashes.

Client Secret Expiration

Client secrets expire after a set period. Set a reminder to renew them before expiration.

Permission Issues

Ensure the app registration has the necessary API permissions for user authentication.

Tenant ID Confusion

Make sure you're using the Directory (tenant) ID, not the Application (client) ID for the Tenant ID field.

Security Best Practices

Keep Your SSO Secure

Store client secrets securely and never share them in plain text
Set appropriate secret expiration dates and renew them proactively
Monitor sign-in logs regularly for any unusual activity
Use conditional access policies to add extra security layers
Test SSO regularly to ensure it continues working after updates

What Happens After Setup

Once SSO is configured, your staff will experience a seamless login process. They'll click "Sign in with Microsoft" on the TrainMeUK login page, authenticate with their Microsoft 365 credentials, and be automatically logged into their training dashboard.

Book a demo with TrainMeUK to see Microsoft 365 SSO in action and learn how it can improve user experience and reduce IT support overhead for your organization.

SCIM Auto-Provisioning

Automatically sync users from Microsoft 365 to TrainMeUK for complete user lifecycle automation.

Azure AD Integration Guide

Complete Azure AD integration in 60 minutes and save £120K-£180K annually in IT costs.

Power Automate Teams Integration

Automate training notifications to Microsoft Teams with adaptive cards and webhooks.

What is Single Sign-On (SSO) and why should I use it?

Single Sign-On (SSO) allows users to access multiple applications with one set of credentials. For TrainMeUK, this means staff log in using their existing Microsoft 365 credentials instead of remembering separate usernames and passwords. Benefits include: 70% reduction in IT support tickets (password resets, access issues), improved security through centralized authentication, better user experience (seamless access), reduced password fatigue and related security risks, faster training adoption due to easier access, and centralized access control for compliance. Organizations using SSO report higher training completion rates because access friction is eliminated.

What permissions do I need to set up Microsoft 365 SSO?

You need either Global Administrator or Application Administrator rights in Microsoft 365 to create app registrations and configure SSO settings. These permissions allow you to: create app registrations in Microsoft Entra ID, configure redirect URIs and authentication settings, create and manage client secrets, grant API permissions, and enable SSO for your organization. Standard user accounts lack these permissions. If you don't have admin access, request it from your IT team or work with an administrator to complete the setup. The actual configuration takes only 15-20 minutes for someone with proper permissions.

How long does Microsoft 365 SSO setup take?

Complete SSO setup takes approximately 15-30 minutes. The process includes: collecting Redirect URI from TrainMeUK (1 minute), creating app registration in Microsoft Entra ID (3-5 minutes), collecting application and tenant IDs (2 minutes), creating and copying client secret (2-3 minutes), enabling ID tokens in authentication settings (1 minute), configuring SSO in TrainMeUK (3-5 minutes), and testing with a user account (3-5 minutes). With our step-by-step guide and support documentation, most administrators complete setup within 20 minutes. Our support team can assist if needed.

What happens if the redirect URI doesn't match exactly?

Redirect URI mismatches are the most common SSO configuration error. The URI must match exactly between TrainMeUK and Microsoft Entra ID, including protocol (https://), domain, path, and any trailing slashes. Even a single character difference causes authentication to fail with a redirect error. If you encounter this: verify the Redirect URI shown in TrainMeUK admin settings, ensure it's copied exactly into Entra ID app registration (no extra spaces or characters), check for http:// vs https:// mismatch, and verify trailing slash matches or is absent in both places. Re-copying the URI carefully usually resolves the issue immediately.

What if I get a "Needs admin approval" error when testing SSO?

This error appears when the app requires administrator consent before users can access it. Resolution is simple: a Microsoft 365 administrator (Global Admin or Application Admin) must log in once to approve the TrainMeUK connection. After this initial approval, all users in your organization can use SSO without additional approvals. This is a security feature ensuring admins explicitly authorize third-party applications. The approval is a one-time process taking under a minute. Once complete, the SSO experience is seamless for all staff members.

What security benefits does Microsoft 365 SSO provide?

SSO significantly enhances security: eliminates password reuse across systems (users only remember one strong password), enables Multi-Factor Authentication (MFA) from Microsoft 365 to protect LMS access, provides centralized access control (disable one account, lose access everywhere), creates complete audit trails of authentication events for compliance, reduces phishing risks (fewer credentials to compromise), enforces organizational password policies uniformly, and allows conditional access policies for additional security layers. These security improvements make SSO essential for organizations managing sensitive compliance training data and meeting regulatory requirements like GDPR, ISO 27001, and SOC 2. View pricing for our secure Microsoft 365 integration.

Ready to Set Up SSO?

Our team can help you configure Microsoft 365 SSO in under 30 minutes, with full support throughout the process.

Get Setup Support View More Guides

Connect TrainMeUK to Microsoft 365 (Single Sign-On)