Skip to main content
English Norge Sverige
Contact Us

New to Skolon Support? Register for an account

Need a password reminder?

Skolon Pass (QR-code) as SSO Entra and Windows devices - Knowledgebase / Administration in Skolon / Integrations - Skolon Support

This Article Category Categories

Skolon Pass (QR-code) as SSO Entra and Windows devices

Authors list
  • Last updated: 22 Apr 2025 by Skolon Support

The Skolon platform, in combination with Skolon Pass (a QR code-based login solution), can be configured to act as an external identity provider (IdP) for both Microsoft Entra (formerly Azure Active Directory) and Windows 11 devices. This setup enables students and staff—particularly younger students or users with accessibility needs—to sign in without usernames or passwords, simply by scanning a QR code. This streamlines access to Microsoft services like Teams, OneDrive, and Office apps, and makes logging in fast, secure, and user-friendly.

To enable this functionality, Skolon is set up as a SAML 2.0 identity provider within the Microsoft Entra environment. The configuration requires administrative access to Microsoft Entra and involves domain federation, the creation and management of immutable IDs, and domain-level trust settings.

To assign the use of external IDP for users in Microsoft, one or multiple sub-domains are created and federated. The users that should use Skolon Pass (QR-code) as an SSO method are then placed in the sub-domain.

Prerequisites

To install Skolon as an IDP to Entra, you will need the following in Skolon:

  • Users in the Skolon Platform

  • Email addresses in Skolon has to be identical to the email addresses used in Entra

  • Immutable ID’s in Skolon has to be identical to the immutable ID’s in Entra

  • A valid agreement with Skolon that covers the use of the Skolon Pass

Immutable IDs in Entra

When using external IdPs in Microsoft Entra, Entra relies on the use of Immutable ID rather than the UPN for identifying users. Immutable ID’s can either be generated in Skolon and set on your Entra accounts by installing an outgoing immutable ID-sync, or, if you already have immutable ID’s in Entra which are used for other purposes, pulled from Entra into Skolon with a secondary sync.

Entra and Windows licenses

To support the use of external IDPs in Entra on Windows devices (rather than just in the browser), the organization must be running Windows 11 with an EDU A3, A5, or Pro license, and the devices must be correctly enrolled and compliant with Microsoft's requirements for federated login methods.

Installation

Read the following support articles on how to install Skolon Pass to Entra and Windows devices:


Yes, this tcket was helpful. No, this article was unhelpful.
This Article Category Categories
Date Created
10 Apr 2025