14 August 2025

Engage Authentication

You can use Engage authentication functionality during the login process to match the user's Engage credentials to their ebs record using Microsoft Entra ID authentication or Google Workspace. This process enables Engage users to authenticate with ebs and Microsoft Office 365.

This authentication method removes the need to populate individual user records with OIDC (OpenID Connect) GUID (Globally Unique Identifier) information.

The following diagram illustrates the interaction between ebs and the authentication server (Engage Identity Server (IDS) in this illustration).

Authentication process

To configure Engage authentication:

Use the Match users using OIDC Issuer ebs Property institution setting (on the Engage screen) to specify whether to use ebs Properties to match users.

If set to 'Y', you can use the OIDC Issuers reference data to define the mapping values. If these are not set, the OIDC subject is used as a default.

Match users using OIDC Issuer ebs Property institution setting

Use OIDC Issuers reference data to set issuer records.

Engage authentication issuer records:

  • IdentityServer – this must always be included and the claim name should be configured to smsid

  • ThirdParty – must be used if authenticating with Microsoft Entra ID

  • Google – must be used if authenticating with GSuite

OIDC Issuers reference data

Properties chosen must not be mutable, and must not be modifiable by the end user.

You can match on the following properties with ebs:

• College Email (PEOPLE.COLLEGE_EMAIL) (for example: claim name email)

• External Identifier (EXTERNAL_IDENTIFIERS.ID)

• Person Code (PEOPLE.PERSON_CODE)

• User ID (USERS.ID)

• Username (USERS.NAME)

Properties should be chosen that can uniquely identify an individual, either within ebs or externally. When matching on properties, if a match cannot be made, or there are multiple records in ebs with the same match information, authorisation to ebs will be refused.

To test Engage Authentication:

Use the EdgeSmsUserInfoV2 screen in Interfaces Designer to validate test data and ensure the correct record(s) is matched.

EdgeSmsUserInfoV2 screen

Use Engage Authentication to log in with a web browser.

  1. Navigate to the Engage web application.

    The Tribal login screen is displayed.Azure AD button

  1. Click the Microsoft Entra ID button.

    The Microsoft Office 365 Sign in screen is displayed.

    Next button

  1. Enter the relevant user name or email address. Click Next.

    The Enter password screen is displayed.

    Sign in button

  1. Enter password details. Click Sign in.

    The Engage screen is displayed.

    Tribal Engage screen

Refer to Engage Integration for further information. Please refer to Engage documentation for guidance on configuring the Azure or GSuite tenant