Hydra 2.3 is here - Windows 365 management included at no extra cost with all Hydra tiers.
Same features as AVD: auto-scaling, imaging, session control. Free tier limits: 5 host pools, 100 sessions. Paid tiers: unlimited.
View Pricing Today!
Get Started

Workspace Weekly: 6.5 Spotlight – Single Sign-On with Microsoft Entra ID

February 19, 2026

Login Enterprise 6.5 introduces single sign-on using Microsoft Entra ID via OpenID Connect. This allows teams to authenticate with the same identity platform they already use for Microsoft 365, Azure, and other enterprise applications.

Authentication is handled by Microsoft Entra ID. While authorization continues to be handled by LDAP. This separation keeps your existing role model intact while modernizing how users sign in.

The result is simpler access for users and stronger alignment with enterprise security standards.

Why this matters

As Login Enterprise adoption grows, identity becomes part of the conversation. Security teams want to know:

  • Is authentication centralized?
  • Are MFA policies enforced?
  • Can conditional access be applied?
  • Is there break-glass access if identity systems fail?

With 6.5, the answer is yes. When SSO is enabled, users are redirected to Microsoft Entra ID for authentication. That means:

  • Existing MFA policies auto applied
  • Conditional access rules are enforced
  • Sign-in logging happens in Entra
  • Password management stays centralized

Users may see the familiar Microsoft Authenticator approval prompt during login, which is expected; it means enterprise MFA controls are actively protecting access.

After successful authentication, Login Enterprise queries LDAP to determine group membership and role assignments, keeping authorization aligned with your existing AD structure.

How it works

Login Enterprise acts as an OpenID Connect client to Microsoft Entra ID.

The flow is service provider initiated. A user clicks on sign in with Microsoft Account on the Login Enterprise login page. The browser redirects Entra for authentication, and after a successful sign-in and any required MFA challenge, the user is redirected back to the appliance.

If Enforce SSO is enabled, users must authenticate via Entra. The local admin account remains available for break-glass access.

Break-glass access means that if SSO is misconfigured or temporarily unavailable, administrators can still sign up using the local admin account to restore access.

Click to View Details

Figure 1: Login page with Microsoft Account / Entra ID option

What this enables

  • Enterprise alignment: Authentication follows the same identity and MFA policies as the rest of your organization
  • Stronger security posture: No password duplication. No bypassing MFA. No separate identity store.
  • Cleaner onboarding: Users sign in with their corporate account. No separate Login Enterprise credentials required.
  • Operational flexibility: You can enable SSO without reconfiguring your existing LDAP-based role assignments.

Imagine if you are

A platform team rolling Login Enterprise out across multiple departments. Security requires MFA on all administrative systems. With SSO enabled, every sign-in follows the same Entra authentication path as other enterprise tools.

Audit logging remains centralized, and role assignments continue to map through LDAP groups.

Or imagine you are in a regulated environment where authentication standards must align with corporate policy. Instead of explaining a separate login mechanism, you simply point to Entra ID enforcement and conditional access policies.

Getting started

To configure SSO:

  1. Configure LDAP if it is not already in place
  2. Create an Enterprise Application in Microsoft Entra
  3. Enter the Tenant ID, Client ID, and Client Secret in Login Enterprise under Access Control > SSO configuration
  4. Save and test

For detailed steps, refer to: Configuring Single Sign-On (SSO)

Click to View Details

Figure 2: SSO configuration page in Login Enterprise

Ready to start using 6.5?

To set up a new appliance or update an existing one, go to Downloads. If your Appliance already exists and is internet-connected, follow Updating Login Enterprise (There are additional update steps here). Don’t forget to take a snapshot first.

As always, thank you for your feedback! We use your insights to make Login Enterprise better for you.

Stay tuned for more Workspace Weeklies and join our Slack channel #workspace-weekly to share field stories, tips, and interesting finds.

Summarize with AI

ClaudeChatGPTGeminiGrokPerplexityCopilot
Workspace Weekly

Joshua Kennedy,

Technical Product Manager

Subscribe for more insights!

Related Resources

The Real Math Behind AVD Management Pricing: Minimums, Tiers, and Year-One Costs
BlogApril 16, 2026

The Real Math Behind AVD Management Pricing: Minimums, Tiers, and Year-One Costs

Workspace Weekly: Your Infrastructure Story Now in Power BI
BlogApril 15, 2026

Workspace Weekly: Your Infrastructure Story Now in Power BI

Windows 365 Management Is Getting Too Complicated: The Three-Portal Problem
BlogApril 14, 2026

Windows 365 Management Is Getting Too Complicated: The Three-Portal Problem

Ready to see how you can transform with Login VSI?

Book Your Demo