SAML Multi login configuration

FROM VERSION 3.51.0

Overview

This configuration enables multiple XCALLY users to share a single Microsoft Azure AD SAML authentication account.
With this setup, XCALLY supports linking multiple user profiles — including Administrators, Users, and Agents — to the same Azure AD account using SAML Single Sign-On (SSO).

This allows one Microsoft Azure user to securely access the XCALLY web interface and its functionalities according to their XCALLY user role.

Previously, each Azure AD account could only be associated with one XCALLY user, based on the email field configured in XCALLY.
The new multi-login model simplifies SSO usage by allowing different XCALLY user roles to log in with the same Microsoft account — reducing the need for additional Azure licenses and improving usability for supervisors and administrators.

Requirements

Before enabling multi-user login, make sure that:

  • SAML SSO standard access is already configured on Motion V3, including both the client and the .env configuration file.

  • You have administrator credentials for your Azure Portal.

  • You have already set up the SAML application on Azure as described in the XCALLY Wiki Guide.

Configuration

  1. Log in to the Azure Portal as an administrator.

  2. Open the SAML Application you previously created for XCALLY.

  3. Go to the Attributes & Claims section.

  4. Add a new custom attribute (for example, ssoid) to be used for multi-login authentication.

    • Assign the Azure user’s email value (or another unique identifier) to this new attribute.

    • If you prefer to use the existing email attribute, you can skip creating a new one and use it directly in the XCALLY .env configuration (see next step).

  5. Edit the environment file /var/opt/motion2/.env and add the multi-login parameter, set to the name of the attribute (ssoid in this example). The line must not contain any space character:

    XC_SAML_MULTI_USER_FIELD=ssoid

    As mentioned above, if you use the Azure user email as the multi-login attribute instead of a custom value, you can use the email attribute directly:

    XC_SAML_MULTI_USER_FIELD=email

  6. Save the .env file and restart the motion2 service from the server console:

    su - motion
    pm2 restart motion2

  7. With SAML SSO already enabled:

    1. In the XCALLY interface, open each Admin, User, or Agent profile you want to associate with the same Azure account.

    2. Go to Account → Authentication.

    3. In the SAML ID field, enter the value of the attribute used for multi-login (based on your .env configuration). Example: if you used email as your multi-login attribute, enter the Azure user’s email address.

    4. Save the configuration for each user.
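
A preflight check for the XC_SAML_MULTI_USER_FIELD line from the .env step above, to run before restarting motion2. This is an added example, not XCALLY code: the function name and its return codes are assumptions, and the duplicate-key check goes beyond the page's "no space character" instruction.

```sh
#!/bin/sh
# Added example: preflight check for the multi-login line in the Motion .env file.
# check_multi_user_field is a hypothetical helper; its return codes are chosen here:
#   0 ok (attribute name printed), 1 key missing, 2 key set more than once,
#   3 whitespace in the line (spaces, tabs, or a CR from Windows line endings),
#   4 empty value, 5 file unreadable.
check_multi_user_field() {
    env_file=$1
    key=XC_SAML_MULTI_USER_FIELD
    # Match the key even with stray whitespace around it, so that the
    # whitespace is reported instead of the line being silently missed.
    pattern="^[[:space:]]*${key}[[:space:]]*="

    [ -r "$env_file" ] || { echo "cannot read $env_file" >&2; return 5; }

    count=$(grep -cE "$pattern" "$env_file" || true)
    [ "$count" -ge 1 ] || { echo "$key is not set" >&2; return 1; }
    [ "$count" -eq 1 ] || { echo "$key is set $count times" >&2; return 2; }

    line=$(grep -E "$pattern" "$env_file")
    if printf '%s' "$line" | grep -q '[[:space:]]'; then
        echo "whitespace in line: $line" >&2
        return 3
    fi

    value=${line#*=}
    [ -n "$value" ] || { echo "$key has an empty value" >&2; return 4; }
    printf '%s\n' "$value"
}

# Constructed sample, not a real deployment file: the space before "=" is the fault.
sample=$(mktemp)
printf 'EXAMPLE_OTHER_SETTING=1\nXC_SAML_MULTI_USER_FIELD =ssoid\n' > "$sample"
check_multi_user_field "$sample" || echo "fix the file before restarting motion2"
rm -f "$sample"
```

On the server, call it as check_multi_user_field /var/opt/motion2/.env and confirm that the printed name matches the claim configured under Attributes & Claims in Azure.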


Login on XCALLY

Once the configuration is complete:

  1. On the XCALLY Login page, click Login with SAML.

  2. The system will search for all XCALLY users whose SAML ID matches the SSO ID value from Azure AD.

  3. A pop-up window will appear showing the list of XCALLY users associated with that Azure account — including their respective roles (Admin, User, Agent).

  4. Select the desired user profile and click Login.

XCALLY will then open the corresponding interface based on the selected user role.
