SSO Configurations identity provider - Microsoft Entra ID
For SSO setup, we will send the SSO setup link to the user via email. The user can then click on the link from their email to proceed with the setup.

When the user opens the link, they will see a screen like this. They need to click on "SSO Configuration" to begin the setup process.

After clicking on SSO Configuration, the user will see a screen like this. From here, they need to select their Identity Provider (IdP). For Microsoft as the IdP, click on Azure Entra ID.

Once the user clicks on Azure Entra ID, they will see the SAML button appear. They need to click on the SAML button to proceed with setting up SSO using the SAML protocol.

Identity Provider Information Setup (via Azure management portal)
Log in to your Azure management portal.
Search and select Microsoft Entra ID.
In the left navigation panel, expand the "Manage" section and select "Enterprise applications".

Click on New application.

Click on Create your own application.

In the panel on the right, enter an app name and select the Integrate any other application you don't find in the gallery (Non-gallery) option, and click Create.

Click on Get Started in the Set up single sign on box.

Click on Single sign-on on the left pane, and select SAML.

Click on Edit.

Scroll down, and press Continue.
Service Provider Information
Under Identifier (Entity ID), click on Add identifier and enter the following value

Under Reply URL (Assertion Consumer Service URL), click on Add reply URL and enter the following value

Click Save when you are done and press Continue.

Add users and groups to the application
To assign users and groups to the application, follow these steps:
On the left menu, click on Users and groups, and then on Add user/group.

In the Users section on the left, click on None Selected. On the right side pane, select the users or groups you want to give access to your application. Finish by clicking on Select at the bottom.

Click on Assign at the bottom.

When you are done, press Continue.
Identity Provider Information
In the SAML application properties page, follow these steps:
Select Single sign-on from the left side panel, scroll down to section 3: SAML Certificates, and download the Certificate (Base64) file.

Open the file using a text editor, copy its content and paste it into the following field

Scroll down to section 4: Set up {App Name}. Copy the Login URL and Microsoft Entra Identifier values to the following fields

"Login URL", "Microsoft Entra Identifier" and "Certificate (Base64)" are all required.
When you are done, press Continue.
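
A sanity check for the three required values before they are pasted, as an added example that is not part of the original guide: it confirms that the Login URL and Microsoft Entra Identifier name the same tenant and that the copied certificate matches the Thumbprint shown next to it in the portal. The function names, the URL formats noted in the comments and the use of a SHA-1 thumbprint are assumptions; the sample tenant ID and certificate bytes are constructed.

```python
import base64, hashlib, re
from urllib.parse import urlparse

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_thumbprint(pem_text):
    """SHA-1 thumbprint (uppercase hex) of the single certificate in pem_text."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one CERTIFICATE block, found %d" % len(blocks))
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if der[:1] != b"\x30":  # an X.509 certificate in DER starts with a SEQUENCE tag
        raise ValueError("decoded data is not DER")
    return hashlib.sha1(der).hexdigest().upper()

def check_idp_fields(login_url, entra_identifier, cert_pem, portal_thumbprint):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    login, ident = urlparse(login_url.strip()), urlparse(entra_identifier.strip())
    # Assumed value formats: https://login.microsoftonline.com/<tenant-id>/saml2
    # and https://sts.windows.net/<tenant-id>/
    lt = re.fullmatch("/(%s)/saml2" % GUID, login.path)
    it = re.fullmatch("/(%s)/" % GUID, ident.path)
    if login.scheme != "https" or login.hostname != "login.microsoftonline.com" or not lt:
        problems.append("Login URL does not match the expected Entra format")
    if ident.scheme != "https" or ident.hostname != "sts.windows.net" or not it:
        problems.append("Identifier does not match the expected Entra format")
    if lt and it and lt.group(1).lower() != it.group(1).lower():
        problems.append("Login URL and Identifier name different tenants")
    try:
        want = re.sub(r"[^0-9A-Fa-f]", "", portal_thumbprint).upper()
        if cert_thumbprint(cert_pem) != want:
            problems.append("certificate thumbprint differs from the portal value")
    except ValueError as exc:
        problems.append("certificate: %s" % exc)
    return problems

# Constructed sample values (not a real tenant or certificate).
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_DER = b"\x30\x1e" + b"constructed placeholder bytes!"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
SAMPLE_THUMB = hashlib.sha1(SAMPLE_DER).hexdigest()  # stands in for the portal's Thumbprint

if __name__ == "__main__":
    print(check_idp_fields("https://login.microsoftonline.com/%s/saml2" % TENANT,
                           "https://sts.windows.net/%s/" % TENANT, SAMPLE_PEM, SAMPLE_THUMB))
```

In real use, `portal_thumbprint` is typed in from the portal rather than computed from the file, so a certificate that was truncated or swapped during copy and paste shows up as a mismatch.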
User Attribute Mapping
You can add attributes to the SAML response by clicking the edit button on the Attributes & Claims tab.

The default attributes are shown; select Add new claim to add more user attributes.

Map the attributes from Entra ID here
Map attribute names from Azure Entra ID to supported user attributes. This will sync on every user authentication.

When you are done, press Continue.
Group Attribute Mapping
To add a group attribute, follow these steps:
Click on Add a group claim.
Select which groups associated with the user should be returned in the claim and the source format.

Group Mapping
Enter the name of the attribute used by Azure Entra ID for group associations. We will use it to retrieve group names that can later on be mapped to roles.

When you are done, press Continue.
The below domains are used to determine which SSO configuration to load once a user chooses to authenticate using SSO.

When you are done, press Continue and test your current SSO configuration to make sure all parts are set properly (Save and Test).
