SETTINGS
/
Users
/
SSO Support
Last updated

Single Sign-On (SSO)

Norce Commerce supports Single Sign-On (SSO) for Norce Admin. Users sign in through your organization's identity provider instead of using a separate Norce username and password. This simplifies access management and centralizes authentication.

Note: SSO is an add-on feature and is not included in the standard Norce Commerce license. Enabling SSO affects your licensing terms. Contact your Norce representative for details and pricing.

How SSO works

Norce SSO Login redirect

When SSO is enabled for your client, the Norce Admin login page redirects users to your organization's identity provider. Users authenticate with their existing corporate credentials and are then signed in to Norce Admin automatically.

Entra login page

Supported identity providers

Norce currently supports Microsoft Entra ID (formerly Azure Active Directory) through the OpenID Connect (OIDC) protocol. Support for additional identity providers may be added in the future.

User provisioning

Users who sign in through SSO can either already exist in Norce or be created automatically at first sign-in. When a new user is created through SSO, Norce assigns the default role configured for your client. You can then adjust role and permissions in Norce Admin as needed.

For more information on roles and permissions, see User Management.

Getting started

Enabling SSO is a two-step process involving both your organization and Norce.

1. Prepare your identity provider

Your Entra ID administrator needs to create an OIDC app registration in Microsoft Entra ID and configure the redirect URI provided by Norce. After the app registration is ready, share the following details with Norce:

  • Tenant ID
  • Client ID (Application ID)
  • Client secret

2. Norce activates SSO

After receiving the configuration details, Norce activates SSO for your client environment. Once activated, the Norce Admin login page redirects to your Entra ID sign-in page.

To get started, contact your Norce representative.

Things to know

Role management

Roles and permissions are managed in Norce Admin, not in Entra ID. SSO handles authentication (who the user is), while authorization (what the user can do) is controlled by Norce roles. Automatic role mapping from Entra ID groups is not currently supported.

Partners and external users

If partners or external consultants need access to Norce Admin through SSO, invite them as guest users in your Entra ID tenant. They then authenticate through your organization's Entra ID like other users.

Sub-clients

If your setup includes sub-clients, each user must sign in through the client where their user account exists. SSO authentication is scoped to the specific configured client slug.

Previous page
Next page