Single Sign-On (SSO) Integration Guide

Using Single Sign-On (SSO) with Tradogram allows your company to centralize user access, simplify password management, and provide a seamless one-click login experience.

Note: SSO is available as a premium add-on. To get a quote or check if SSO is supported for your account, please reach out to your Customer Success Representative or support@tradogram.com.

General Configuration Details

Tradogram acts as the Service Provider (SP), and your directory (Azure, Okta, etc.) acts as the Identity Provider (IDP). We use the SAML 2.0 authentication protocol.

Field                    Value
Entity ID (Identifier)   tradogramsso
Reply URL (ACS)          https://app.tradogram.com
Logout URL               https://app.tradogram.com/users/logout
Required Attribute       emailaddress (Must match the Tradogram user email)

Setting Up SSO for Azure Active Directory

  1. Create Application: In the Azure Portal, go to Enterprise Applications > New application > Create your own application (Non-gallery). Name it "Tradogram Login".
  2. Assign Users: Under Users and groups, assign the users who need Tradogram access. Their Azure email must match their Tradogram account email.
  3. Configure SAML: Select Single sign-on > SAML. Edit the Basic SAML Configuration using the Entity ID and URLs provided in the table above.
  4. Attributes & Claims: Edit this section. Find the claim for user.mail. Change its name to emailaddress and clear the Namespace box so it is blank. Save your changes.
  5. Metadata: Under the SAML Certificates section, download the Federation Metadata XML file.
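
Added example (not part of Tradogram's documentation or tooling): a pre-flight check that reads a decoded SAML assertion from a test sign-in and reports mismatches against the values in the table above, including the step 4 mistake of leaving the claim namespace filled in. The function names, the sample assertion, and the exact-match email comparison are assumptions made for illustration; the check inspects configuration only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values from the General Configuration Details table.
AUDIENCE, RECIPIENT, ATTRIBUTE = "tradogramsso", "https://app.tradogram.com", "emailaddress"
# Name Azure emits for the mail claim while the Namespace box is still filled in.
AZURE_DEFAULT = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def check_assertion(xml_text, tradogram_email):
    """Return a list of configuration problems in a decoded SAML assertion."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if AUDIENCE not in audiences:
        problems.append(f"Audience {audiences} does not contain {AUDIENCE!r}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if RECIPIENT not in recipients:
        problems.append(f"Recipient {recipients} does not contain {RECIPIENT!r}")
    attrs = {a.get("Name", ""): [(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)]
             for a in root.iterfind(".//saml:Attribute", NS)}
    if ATTRIBUTE not in attrs:
        namespaced = [n for n in attrs if n.endswith("/" + ATTRIBUTE)]
        hint = f"; found {namespaced}, so clear the Namespace box" if namespaced else ""
        problems.append(f"No attribute named {ATTRIBUTE!r}{hint}")
    elif tradogram_email not in attrs[ATTRIBUTE]:
        # Exact comparison is an assumption; the guide only says the values must match.
        problems.append(f"{ATTRIBUTE} is {attrs[ATTRIBUTE]}, Tradogram account is {tradogram_email!r}")
    return problems

def sample_assertion(attr_name, email="buyer@example.com"):
    """Constructed test input: only the parts of an assertion this check reads."""
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="https://app.tradogram.com"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>tradogramsso</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="{attr_name}">
    <saml:AttributeValue>{email}</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for name in (ATTRIBUTE, AZURE_DEFAULT):
        result = check_assertion(sample_assertion(name), "buyer@example.com")
        print(name, "->", result or "OK")
```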

Setting Up Azure for Mobile App Access

To ensure users can log in via the Tradogram mobile app, complete these additional steps:

  1. App Registration: In Azure, go to App registrations and select your "Tradogram Login" app.
  2. Platform Configuration: Go to Authentication > Add a platform > Mobile and desktop applications.
  3. Redirect URI: Enter com.tradograminc://oauth/redirect/ in the custom redirect URI field and click Configure.
  4. API Permissions: Go to API permissions > Add a permission > Microsoft Graph > Delegated permissions.
  5. Permissions Selection: Under OpenId permissions, check email, offline_access, openid, and profile. Click Add permissions, then click Grant admin consent at the top.

Completing Your Setup

To finalize the integration, please share the following three items with your Tradogram account manager:

  • IDP or Tenant ID
  • Application ID
  • Federation Metadata XML File

Maintenance Note: When your SSO certificate expires, users will be unable to log in. Please send an updated Federation Metadata XML file to support@tradogram.com or your representative. Allow 1-2 business days for the update to be processed.
