Scalepoint now supports OIDC federation to Entra ID, which is a recommended option for enterprise customers who support it.
There are two separate Entra ID apps available for production and sandbox environments: "Scalepoint (production)" and "Scalepoint (sandbox)", respectively. You will likely want both configured. Start with sandbox and, once verified, configure production accordingly.
There are several ways to install the application: via Microsoft Entra Gallery, via a consent link, or by signing in with the user who has administrative privileges in Entra ID.
Another option for installing the app is to use a consent link. The format of the consent link differs between environments: https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=8ac362f7-bb33-41e7-8a32-c2c3b549b728 (sandbox) or https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=11b2becd-c3b0-42da-a037-63a53dd41434 (production), where {tenant-id}
is your organization's tenant ID in Entra.
To get it, go to your Entra ID >> Overview and copy your Tenant ID value. Please provide Scalepoint with this value. It is needed to associate your organization's Entra ID tenant with the tenant in Scalepoint ID.
After opening the link, you will see a consent screen. As soon as you accept it, the application will appear in your organization's Enterprise Apps menu.
You may achieve the same if you log in to Scalepoint by using the user with administrative privileges in Entra. You will see the same consent screen as in the previous option.
This mapping is pre-configured out of the box and does not require additional configuration.
Scalepoint uses the following user data: Display name
, User principal name
, Department
, Mobile phone
, Email
, Account enabled
, and the groups the user belongs to.
In order to map a user group, you need the group alias in Scalepoint to match the Entra group's Object ID.
Department groups are automatically created in Scalepoint ID based on department attribute value and user is automatically assigned to that department.
Note: At the moment, these departments are not automatically created in products. This means that in ClaimsCORE & HUB, departments and user pools need to be manually created with correct External IDs matching the original string.
There is a new way of providing your users with privileged access. For that to work, go to "Enterprise apps", find the Scalepoint app, select "Users and groups", click "Add user/group", and assign the user to one of the roles. The selected user will have corresponding access to Scalepoint now. Only two predefined privileged roles are supported at the moment: Scalepoint ID Tenant Reader
and Scalepoint ID Tenant Administrator
, plus Custom access
used for all other assignments. Tip: You can assign eligible assignment groups to these privileged roles to utilize Entra's Privileged Identity Management features.
User's groups in your Entra ID are not visible to Scalepoint automatically. You have to assign any groups that you want to make visible in the Enterprise app's "Users and groups". Repeat the user assignment steps from the App roles section, but choose application role Custom access
to later assign product specific roles and permissions inside Scalepoint ID.
By default, all users are allowed to log in to Scalepoint. But you can change this behavior and manually assign the users you want to allow to sign in. For that, open the Scalepoint enterprise app, go to Properties, and set the Assignment required?
switch to Yes
.
When using Entra ID single sign-on to Scalepoint, you can use Conditional Access features in Entra ID to implement additional protection measures to enforce, for example:
We highly recommend to implement multi-factor authentication on Entra ID side. This approach provides the best user experience, minimal management overhead, and highest security since no additional authenticators need to be managed.
This functionality is in development now.