SSO (Single Sign On) Authentication lets you access your company’s applications and websites with a single set of login credentials. Centage has now enabled you to include Centage in your SSO solution.

You can add Centage to your company’s SSO solution if you use any SAML 2.0 compliant identity providers, including:

• OneLogin
• Okta
• RSASecurID
• Idaptive
• Ping
• Microsoft Entra ID
• CA Technologies
• ... (and many more. Ask Centage Support.)

When you work with Centage to set up SSO, your company’s Administrator chooses an SSO Admin user in Centage who can set up SSO for your company.

This document shows you, a Centage SSO Admin, how to set up SSO for your company using Microsoft Entra ID.

Setting up SSO with Microsoft Entra ID

Step 1: Open your company’s Microsoft Entra ID account. On the left, select All applications. Then, click + New Application.

Step 2: The Browse Microsoft Entra ID page opens. Click + Create your own application at the top.

Step 3: The Create your own application page opens. Enter the following information:

1. In the What’s the name of your app? field, enter Centage.
2. Under What are you looking to do with your application?, make sure the Integrate any other application you don’t find in the gallery (Non-gallery) radio button is selected.

Step 4: Click Create.

A confirmation message appears.

Step 5: On the Overview page for the Centage app, click 2. Set up single sign-on.

Step 6: On the next page, under Select a single sign-on method, click SAML.

Step 7: On the Set up Single Sign-On with SAML page, under Basic SAML Configuration, click Edit.

Under Basic SAML Configuration, enter the following information:

Identifier (Entity ID) – planning-maestro

Reply URL (Assertion Consumer Service URL)–https://domainname.planningmaestro.com/saml/SSO

Sign on URL – https://domainname.planningmaestro.com/saml/login

Please Note: In the Reply URL and Sign on URL, replace “domainname” with the domain name of your company’s Centage account. To make sure you are using the correct domain name, check the welcome email sent by Centage Support.

Please Note: The Reply URL and Sign on URL are CASE SENSITIVE ensure that the SSO at the end of the URL is capitalized

Step 8: Save your changes.

Adding a User Claim

Step 1: On the Set up Single Sign-On with SAML page, under User Attributes & Claims, click Edit.

Step 2: On the User Attributes & Claims page, click + Add new claim.

Step 3: On the Manage Claim page, enter the following information:

• Name – CentageUserName
• Namespace – Leave this field blank.
• Source – Select the attribute radio button.
• Source Attribute – Select the attribute that matches the username you use in Centage: usually first initial + last name, or sometimes the employee’s company email address.

Please Note (important): If the Source Attribute value does not match the username in Centage, the SSO connection will not work.

Step 4: Save your changes.

Adding Users in Microsoft Entra ID

After setting up Centage as one of the apps in your Microsoft Entra ID SSO solution, add every Microsoft Entra ID user who should be able to access Centage.

Step 1: On the left, select User and Groups to open the Users and groups page and add every user who should be able to access Centage.

Step 2: Search for and select every user who should be able to access Centage.

Now, set up the SSO connection in Centage itself. Please see the following articles:

1. Setting up SSO in Centage – Set up SSO in Centage itself.
2. Managing Users – Add employees from your company who should be able to access Centage.

Please Note: You will not be able to log into Centage through SSO as the SSO Administrator, as the username "sso_admin" does not match the CentageUserName attribute value. Use your Administrator account or have another user confirm that they can successfully log in through SSO.

If you log in and a 401 error occurs, please check to make sure the Centage username matches the Source Attribute value.  If needed, you can change the username(s) in Centage to match the CentageUserName attribute value in Microsoft Entra ID.

Assigning Users

Follow the steps below to assign users from your company to access Centage through SSO.

1. Select the Assignments tab on the Centage app page in Microsoft Entra ID.
2. On the Assignments tab, click Assign and select Assign to People from the dropdown menu.
3. In the Assign Centage to People popup, click Assign next to the user you want to add.
4. Confirm the user's work email appears in the User Name field, then click Save and Go Back.
5. The popup returns to the user list. The assigned user now shows an Assigned button. Click Done when finished assigning all users.

Repeat Steps 1–4 for each additional user who needs access.

Once all users are assigned, the Assignments page lists everyone who can access Centage through your company's SSO solution.

Understanding Username Matching Requirements

Before confirming display names, it is important to understand how SSO authentication works. When a user logs in through Microsoft Entra ID, Microsoft Entra ID passes a username to Centage via the SAML assertion. Centage then compares that username against its own user records. If the values do not match exactly, the login will fail.

This means a user's name must match exactly across all three of the following locations:

All three values must be an exact, character-for-character match, including capitalization, punctuation, and spacing. Even a minor difference will prevent the user from logging in.

Common Mismatches to Watch For

• Email format vs. display name format — e.g., jsmith@company.com in Microsoft Entra ID vs. John.Smith in Centage
• Capitalization differences — e.g., john.smith vs. John.Smith
• Extra spaces before or after the name
• A period or separator missing — e.g., JohnSmith vs. John.Smith

Confirming Display Names

For users who already exist in Microsoft Entra ID, follow the steps below to verify that their Microsoft Entra ID Display Name matches their Centage username. This must be confirmed for every assigned user.

1. On the Centage app page in Microsoft Entra ID, open the Assignments tab and click the name of any assigned user.
2. The user's page opens. Select the Profile tab.
3. On the Profile tab, click Edit.
4. Scroll down to the Display Name field. Confirm that this value is an exact character-for-character match for the user's Centage Username (for example: Jane.Smith).
5. If the Display Name needs to be updated, make the correction and scroll down to click Save. If the Display Name already matches, no changes are needed.

Repeat this process for each assigned user before proceeding.

Updating Expired SSO Certificate

Here are the steps to update the certificate for Entra ID. 
 
1. Go to the SSO application

• Azure Portal → Entra ID
• Enterprise Applications
• Select the affected application
• Go to Single Sign-On
• Select SAML

 
2. Add or activate the new certificate

• Scroll to SAML Signing Certificate
• You will typically see:

  • Active certificate (expiring)

    Secondary certificate (new)

• If the new one doesn’t exist yet: Click New Certificate
• Set an expiration (e.g., 2–3 years)
• Save
  After that, update any metadata URL or recipient URL in your SSO admin Centage login.