Skip to main content

Azure <> Enterpret: SAML SSO

Configuring Okta SAML Application to sign-in to Enterpret

Team Enterpret avatar
Written by Team Enterpret
Updated over 8 months ago

Configuring SSO

In this section, we'll go through a step-by-step guide to configure SAML SSO on Microsft Azure for Enterpret. You can read more about using SSO on Enterpret here.



NOTE: You might require elevated permissions on Azure to perform the following steps. Please contact your account admin if you don't find any of the referred settings on your Azure dashboard.

Creating an Application

  1. Navigate to Applications > Enterprise Applications on your Azure dashboard


  2. On the Applications page, click on New application


  3. Next click on Create your own application


  4. On the modal that pops up, provide the following input:

    1. Add Enterpret SAML App as the application name

    2. Select Integrate any other application you don't find in the gallery (Non-gallery) as the application type.

    3. Click On Create

Configure SAML Application

  1. Under Manage, click on Single sign-on.

  2. Select SAML from the option

  3. Provide the following input in the Basic SAML Configuration section:

    1. Identifier (Entity ID): urn:amazon:cognito:sp:us-east-2_kLiRrPBis

    2. Reply URL (Assertion Consumer Service URL): https://enterpret-prod.auth.us-east-2.amazoncognito.com/saml2/idpresponse

    3. You can leave Sign-on URL, Logout URL, and Default RelayState empty.

Note: For Idp-initiated SSO, you will need to provide the relay state value. Please reach out to Team Enterpret to get the value.

4. Adding claims to your SSO Aplication

Verifying the Correct Source Attribute for Email

Before proceeding with attribute configuration, ensure that the correct attribute is mapped to the email claim.

  • Navigate to Microsoft Entra ID > Users > Select a sample user.

  • Check the User Principal Name (UPN) and Mail attributes.

  • If users only have their email in User Principal Name (UPN), map user.userprincipalname.

  • If users have valid email addresses in Mail, map user.mail to the email claim, instead.

  • Confirm with your IT admin if UPN is always an email format in your organization before finalizing the mapping.

Adding Claims to your SSO application

  • Under Attributes & Claims, click on Edit icon

  • Click on Add new claim

  • Add Name as email

  • Select Source as Attribute

  • Add Source attribute as the verified email attribute (user.userprincipalname or user.mail) based on the verification step above.

  • Namespace can be left empty

  • Click on Save Icon on the top.

You have successfully created an Application that would allow Microsoft Azure to communicate with Enterpret! As the next steps, you'll need to copy relevant details from the created app and configure it on the Enterpret dashboard.


Copying Metadata URL Values

On the Single sign-on page , you can copy the App Federation Metadata URL from SAML Certificates section, this is the metadata URL that you will need to configure on the Enterpret dashboard.



Related Articles
Okta <> Enterpret: OIDC SSO
Using Single Sign-on (SSO)
Configure SCIM 2.0 with Okta
Okta <> Enterpret: SAML SSO
SCIM with Azure
Did this answer your question?