Single Sign-On (SSO)Enable SSO

Enable SSO

This step is performed by a TeC System Administrator or Partner Group Administrator.

Enable SSO for Partner Group

  1. Navigate to the group settings.

  2. Scroll to the Identity Provider section. If it is not visible, contact your TeC system administrator.

  3. Check Enable Single Sign-On. Enabling this option will reveal the SSO configuration fields.

  4. Fill in the fields as described in the Configuration field reference table below.

  5. Click Save. The SSO configuration will be saved and a unique SSO login URL will be generated for the group. This URL can be shared with users so they can access the TeC authentication flow directly.

Configuration field reference

The following table describes each configuration field in the TeC Identity Provider section and the corresponding value to copy from your Azure AD app registration.

TeC Field Description Azure AD Value
Provider Name A user-friendly name for the Identity Provider, displayed in the e-Invoice Connect UI and SSO login link. Any descriptive name, for example, Azure AD SSO.
Discovery endpoint The URL of the authorization server. TeC uses this to construct the discovery endpoint URL automatically. For single-tenant Azure AD: https://login.microsoftonline.com/{tenantId}/v2.0. Replace {tenantId} with your Directory (Tenant) ID from the Azure Portal.
Cliend ID The application identifier assigned by Azure AD. Application (Client) ID assigned by Azure AD. You can find it in the Azure app registration Overview page.
Client secret The secret credential used by e-Invoice Connect to authenticate with Azure AD. Masked after saving. The Value of the client secret during TeC registration in Azure AD. Must be copied immediately after creation.

Enable SSO for Partner Group Member

  1. Navigate to the group settings.

  2. Scroll to the Member section.

  3. Check Enable Identity Provider.

When this option is enabled:

  1. Traditional password-based login is disabled for all users associated with this member.

  2. Affected users receive an email notification informing them they must log in via SSO.

  3. Users must exist and be registered in the Identity Provider (Azure AD) using their correct email address before they can access TeC.