Skip to main content

April 2025 - Microsoft SAML SSO

Set up Microsoft SAML SSO for WeThrive users in your organisation

Lauren Rolfe avatar
Written by Lauren Rolfe
Updated over a week ago

As an extra security measure, and to make logging in easier for users, you can now use Microsoft SAML Single Sign-on to log in to WeThrive.

By following a few steps, you can set up SSO for your organisation to allow all users to be able to bypass the need for passwords and login using their Microsoft credentials.

All it requires is a few steps in the Microsoft Entra ID administrator centre (you will need Microsoft admin access) to link your Microsoft account to your WeThrive account (using the SAML procedure). Instructions for this are listed below.

Once completed, your employees will no longer need to set separate passwords for their WeThrive accounts.

What happens when a user is first added to WeThrive?

You have a choice of how user accounts are set up when first added to WeThrive:

  • Employees can be sent a verification email which asks them to verify their Microsoft credentials in WeThrive. Once verified, they can log straight into WeThrive with Microsoft, bypassing the need for a password.

  • Employees can still be sent activation emails to set a password for their WeThrive account. They can still login using Microsoft once set.

Important: Please let your WeThrive Account Manager know which of the above options you would prefer at the same time that you share the “App Federation Metadata Url” (mentioned in below steps).

Set up Microsoft SSO with WeThrive

You will need to have administrator access to Microsoft to complete the steps below.

  1. First, request the organisation ID for your WeThrive account as you will need this when following the steps below. Please ask your Account Manager for this.

  2. Go to Microsoft Entra ID.

  3. Under ‘Manage’, select ‘Enterprise Applications’ from the menu.

  4. Click ‘New application’

  5. ‘Create your own application’

  6. Input a name e.g. WeThrive SSO, and select ‘Integrate any other application you don’t find in the gallery (Non-gallery)’.

  7. Click ‘Create’

  8. Click ‘Set up single sign on’

  9. Select SAML

  10. Edit “Basic SAML Configuration”

  11. Enter the Identifier (Entity ID): https://app.wethrive.net/ms_sso/saml/metadata/organisation_id/

    1. You will need to enter the organisation ID provided to you by WeThrive (see step 1).

    2. Enter the ‘Reply URL (Assertion Consumer Service URL)’: https://app.wethrive.net/ms_sso/saml/acs/

    3. Click ‘Save’

  12. Next, click edit under ‘SAML Certificates’ to edit the token signing certificate.

  13. From the ‘Signing Option’ drop down, select ‘Sign SAML response and assertion” and ‘Save’.

  14. Copy the “App Federation Metadata Url” – and share this with your WeThrive Account Manager to add to the WeThrive account settings.

  15. Within the application, go to Users and groups.

  16. If all employees are included in a group that has already been created, add the Group here. Or, click under the Users heading to select users to add to this application.

  17. Click Assign.

Once the “App Federation Metadata Url” has been added to your WeThrive account by your Account Manager, users will be able to login with Microsoft credentials.

Did this answer your question?