Čeština Polski

Login with Google account or Microsoft Entra ID - SSO

Radka Kalmanová

In the ENTERPRISE pricing plan, the administrator can allow users to log in to the CRM using their Google account or Microsoft Entra ID. This option can be enabled in Settings » SSO.

Snímek obrazovky 2025-05-21 v 13.22.10.jpg


Login via Google

This type of login can be enabled by the administrator for all users in Settings » SSO (Single Sign-On). Here, they will use the slider to enable Login via Google and fill in the email Domain. The administrator can enable Enforced login only via SSO. This means that the user will no longer have the option to log in using the credentials they set in Raynet, but only with their Google account.

Snímek obrazovky 2025-05-21 v 13.24.53.jpg

If the administrator chooses Enforced login only via SSO, users will be redirected to a simplified login page where the only available option is to sign in using their Google account. The page includes a Google login button and does not offer any other login methods.



Login via Microsoft Entra ID

Login via Microsoft Entra ID can also be enabled by the administrator in Settings » SSO » using the slider. Additionally, it is necessary to fill in Tenant ID, Client ID, and Client Secret, which can be found in the Microsoft account. There is also the option to enable Enforced login only via SSO.

Snímek obrazovky 2025-05-21 v 13.31.29.jpg

 

Important:  For login via Google account or Microsoft Entra ID to work correctly, the user must have the correct email address filled in User settings » Basic information » Primary email

 

Snímek obrazovky 2025-05-21 v 13.40.15.jpg

 

 

Administration in Microsoft Entra ID

Administration is done at https://entra.microsoft.com/. Applications can be seen in Applications » App registrations » All applications.

Přihlášení přes Google účet nebo Microsoft Entra ID - SSO - 17957318942749_6.0_19181123213597.0.jpg

 

 

Creating an application

When creating an application, we target applications that are single tenant, meaning exclusively managed by the Microsoft Entra account.

Přihlášení přes Google účet nebo Microsoft Entra ID - SSO - 17957318942749_7.0_19181164652445.0.jpg

 

 

Application configuration

Přihlášení přes Google účet nebo Microsoft Entra ID - SSO - 17957318942749_8.0_19182186386077.0.jpg

  • Application (client) ID is recorded in the CRM configuration as CLIENT ID.
  • Directory (tenant) ID is recorded in the CRM configuration as TENANT ID.
  • One of the keys in Client Credentials is recorded in the CRM as CLIENT SECRET (see screenshot below).
  • Redirect URI must be configured correctly for the environment in which the instance runs. In production, it will be https://app.raynet.cz/oauth2/login/code/entra. If necessary, it is possible to enter other domains where the instance runs (app.raynetcrm.sk, app.raynetcrm.com, eu.raynetcrm.com).

 

 

Přihlášení přes Google účet nebo Microsoft Entra ID - SSO - 17957318942749_9.0_19183963624349.0.jpg

 

  • Multiple keys can be created. In the CRM configuration, there is always one.
  • The key can only be viewed after creation; afterward, it is available only for preview with asterisks.
  • The default validity of the key is 180 days, maximum 730 days (this will depend on specific security settings in the Entra account). The client is responsible for the proper rotation of the key and its update in the CRM.