Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services by logging in only once. This method reduces the need for users to memorize or keep track of multiple logins. With Vagaro, you can integrate with Microsoft Entra ID.
SAML is an XML-based, open standard for exchanging authentication and authorization data between the Service Provider and the Identity Provider. The Identity Provider (Entra ID) is responsible for authenticating users and providing assertions about their identity to the Service Provider (Vagaro). Your organization's employees can seamlessly log in to Vagaro using the credentials they are already familiar with.
Important
This feature is enabled for a limited number of businesses. If you are interested in the SSO feature on Vagaro, please contact Vagaro Support.
Prerequisites: This feature requires Microsoft Entra ID. To configure the Vagaro and Microsoft Entra ID integration, you must have at least the Owner or Application Administrator role enabled for your account in Azure.
To find the Reply URL in Vagaro:
To configure the integration:
-
Log in to the Azure Portal, then search for and select Enterprise Applications.
-
Select New Application.
-
Select Create your own application.
-
Fill out the following information, then select Create.
-
Under What's the name of your app, give your app a name.
-
Under What are you looking to do with your application, select the Integrate any other application you don't find in the gallery option.
-
-
In the left panel, select Single sign-on.
-
Select the SAML single sign-on method.
-
In the Basic SML Configuration box, select Edit, then enter the following details:
-
Identifier (Entity ID): Enter the name of your Vagaro Business or another ID that will be used later in Vagaro.
-
Reply URL: Enter the reply URL provided by Vagaro.
-
-
Select Save.
-
Scroll down to the SAML Certificates section, Download the Certificate (Base64).
-
Go to the Set up features section, then copy the Login URL.
To complete the integration setup:
-
Go back to your Vagaro account and return to the SSO Integration screen ( → → ).
-
Enter or attach the following details:
-
Identifier ID (Entity ID): The entity ID you created in the Azure Portal.
-
Domain: The domain of your organization (ex. vagaro.com).
-
App Federation Metadata URL: The Login URL you copied in the previous section.
-
App Certificate: Upload the Certificate (Base64) uploaded in the previous step.
-
Vagaro uses the System for Cross-domain Identity Management (SCIM) to provision users from Microsoft Entra into Vagaro. SCIM is a standard protocol for automating the exchange of user identity information between different systems. Users created or modified in the enterprise application will be synced over your Vagaro Flagship location. Removing the users from the Enterprise Application will deactivate them in Vagaro rather than deleting them.
To provision users:
-
Go to the Enterprise Application you created in Integrate Vagaro with Entra ID.
-
In the left panel, select Provisioning.
-
Open the Provisioning Mode list, then select Automatic.
-
Go back to your Vagaro account and return to the SSO Integration screen ( → → ).
-
Write down or copy the Provisioning Endpoint URL and the Secret Token.
-
Go back to the Provisioning screen, expand the Admin Credentials section, then complete the following steps:
-
Paste the Provisioning Endpoint URL in the Tenant URL box.
-
Paste the Secret Token in the Secret Token box.
-
Select Test Connect to verify if the endpoint has been successfully established.
If successful, you should see the following message.
-
-
Select Save.
Comments
6 comments
What process do users use to login via SSO? There are only options to login via username and password or Apple, Google, or Facebook - no SSO option.
Hi Jake, SSO is only available to a few select businesses. If you're interested in activating this feature, please contact our support team.
Thanks, Jamie
I was authorized for SSO! I just don't know how to utilize it at sign in. Is there a specific URL my team has to use to have SSO? My domain being in the login doesn't pull up an option automatically.
Hi Jake, I see you have an open ticket with our Support Team. I escalated your ticket so we can have someone contact you directly on this question.
Thanks, Jamie
Hi Jamie,
Is there a specific team I should be working with on SSO/SCIM?
Trying to get more information about this integration and set it up has been very difficult. I haven’t been able to get clear guidance. When I first asked about SSO, my onboarding partner stopped replying. Since then, I’ve spent several hours with support explaining what SSO and SCIM are and why we need them, without receiving concrete next steps.
The support article mentions that “this feature is enabled for a limited number of businesses” and that we should reach out if we’re interested. Could you clarify what that means in practice?
Most recently, I was told that I should “keep support updated” when the SSO feature is enabled. I don’t have the time or interest in constantly checking Vagaro to see if the integration is quietly made available.
At this point, I’m starting to feel that getting access to this feature is unnecessarily convoluted and may not even be possible. Any clear information on which businesses SSO/SCIM is available to, and who can own this request end-to-end, would be sincerely appreciated.
Hi Mike,
Thanks for reaching out. Since this feature is currently limited to a small group of businesses, SSO is available by request only. I checked on your behalf and confirmed that your request has already been submitted. I also escalated your question to our Support and Development teams, and they let me know that your request has been fast-tracked.
Someone will email you once the feature has been enabled for your business. You'll be able to work with them for next steps and any questions you have about the feature.
Thanks, Jamie
Please sign in to leave a comment.