Overview
This article details the step-by-step instructions for setting up Single Sign-On (SSO) between Microsoft Entra ID and Feefo Hub. This configuration will allow users to access Feefo's services using Microsoft Entra ID credentials.
Prerequisites
- Domain Requirement: All users enabled for SSO must have email addresses from the same unique domain associated with Microsoft Entra ID, such as @feefo.com.
- Universal SSO: SSO will be enabled for all users within this domain. Individual exclusions are not supported.
Set Up Application in Microsoft Entra ID
To connect Microsoft Entra ID with Feefo Hub, an administrator must access the Microsoft Entra admin center.
- Log in to your Microsoft Entra admin center.
- Navigate to: Applications > App registrations.
- Create a New Registration:
- Enter a name that clearly identifies this application as Feefo-related (e.g., “Feefo Hub SSO”).
- Select an Account Type that aligns with your organisation’s access requirements.
- Do not complete registration yet, as a Web redirect URL will be required in the next step.
Configure Redirect URLs
Feefo Hub requires specific redirect URLs for SSO.
- In the Redirect URL section, select Web.
- Enter the following URLs as redirect endpoints:
https://hub.feefo.com/login/callback
https://feefo.uk.auth0.com/login/callback
https://auth.feefo.com/login/callback
- Once the URLs are added, complete the registration by creating the application.
Authentication Settings
- Go to the newly created application in Microsoft Entra ID.
- Navigate to the Authentication tab:
- Ensure that Access tokens are selected, which is required to allow token-based authentication.
Create a Client Secret
- Navigate to Certificates & secrets:
- Under Client secrets, select New client secret to generate a unique client secret for this application.
- Save the Client Secret Value:
- Make a secure note of the Value field, as this token will need to be provided to Feefo during setup.
Set API Permissions
- Navigate to the API permissions tab:
- Ensure that the following Microsoft Graph permissions are delegated:
- Directory.Read.All – Provides read-only access to directory data.
- User.Read – Allows users to sign in and read their profile.
- These permissions enable Feefo to access necessary user data within Microsoft Entra ID.
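To check that a registration matches the redirect URLs, access token setting and delegated permissions described above, the following added example (not Feefo's or Microsoft's own code) audits the application object as exported from Microsoft Graph, for instance with `az ad app show --id <client-id>`. The function name and the sample object are assumptions made for illustration; the sample is constructed, not a real export.

```python
# Redirect URLs listed under "Configure Redirect URLs".
EXPECTED_REDIRECTS = {
    "https://hub.feefo.com/login/callback",
    "https://feefo.uk.auth0.com/login/callback",
    "https://auth.feefo.com/login/callback",
}
# Microsoft Graph's resource app ID and its published delegated-scope IDs.
GRAPH = "00000003-0000-0000-c000-000000000000"
EXPECTED_SCOPES = {
    "06da0dbc-49e2-44d2-8312-53f166ab848a": "Directory.Read.All",
    "e1fe6dd8-ba31-4d61-89e7-88639da4683d": "User.Read",
}

def audit_registration(app):
    """Return a list of deviations from the settings this article describes."""
    findings = []
    web = app.get("web") or {}
    redirects = set(web.get("redirectUris") or [])
    findings += [f"missing redirect URL: {u}" for u in sorted(EXPECTED_REDIRECTS - redirects)]
    findings += [f"unexpected redirect URL: {u}" for u in sorted(redirects - EXPECTED_REDIRECTS)]
    if not (web.get("implicitGrantSettings") or {}).get("enableAccessTokenIssuance"):
        findings.append("access tokens not selected")
    # Flatten requiredResourceAccess into (resource, permission id, type) tuples.
    granted = {
        (r.get("resourceAppId") or "", p.get("id") or "", p.get("type") or "")
        for r in app.get("requiredResourceAccess") or []
        for p in r.get("resourceAccess") or []
    }
    wanted = {(GRAPH, pid, "Scope") for pid in EXPECTED_SCOPES}  # "Scope" = delegated
    findings += [f"missing delegated permission: {EXPECTED_SCOPES[p]}"
                 for _, p, _ in sorted(wanted - granted)]
    findings += [f"unexpected permission: {r}/{p} ({t})"
                 for r, p, t in sorted(granted - wanted)]
    return findings

# Constructed sample: one callback missing, a stray localhost redirect, access
# tokens off, Directory.Read.All absent, one extra permission (placeholder ID).
SAMPLE = {
    "web": {"redirectUris": ["https://hub.feefo.com/login/callback",
                             "https://auth.feefo.com/login/callback",
                             "http://localhost:3000/callback"],
            "implicitGrantSettings": {"enableAccessTokenIssuance": False}},
    "requiredResourceAccess": [{"resourceAppId": GRAPH, "resourceAccess": [
        {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]}],
}

if __name__ == "__main__":
    print("\n".join(audit_registration(SAMPLE)))
```

An empty result means the registration carries exactly the three callbacks and the two delegated permissions; any extra redirect URL or permission is reported so it can be reviewed and removed.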
Note Key Application Information
Navigate to the Overview tab:
- Make a note of the Application (client) ID. This identifier will need to be provided to Feefo.
Locate Your Microsoft Domain Name:
- In the Identity overview section of the admin center, locate your organisation’s domain name (e.g., @feefo.com).
- Provide this domain name to Feefo to ensure all users within this domain can utilise SSO.
Optional: Determine the User ID Attribute Type.
- In many setups, this is set to User Object Identifier (oid) by default. Confirm with Feefo if additional information about the User ID attribute is required.
Summary of Required Information for Feefo
Upon completing these steps, you will need to provide Feefo with the following:
- Client Secret Value from Certificates & Secrets.
- Application (client) ID from the Overview tab.
- Microsoft Domain Name used in your Microsoft Entra setup.
- (Optional) User ID Attribute Type, if necessary.
Following these steps will enable SSO access between Microsoft Entra ID and Feefo Hub, providing a streamlined login experience for your organisation’s users. For any issues or further assistance, please contact Feefo support.