Microsoft Entra ID (previously referred to as Azure AD) is a cloud-based identity and access management service that allows your employees to access external resources. Microsoft Entra ID supports Single-Sign On (SSO) with Enable, to simplify and secure user authentication.
If you are interested in using SSO with Microsoft Entra ID but have not yet discussed your requirements with Enable, please reach out to the reach out to the Enable Support team.
This article will guide you through:
Looking for something else?
-
Looking to understand which users are logging in with SSO? Learn how to track SSO via the user activity log here.
-
Alternatively, see our Help Center for more on SSO.
Requirements for integrating SSO with Microsoft Entra ID
In order to integrate SSO with Microsoft Entra ID for Enable, you must have:
-
A Microsoft Entra ID (formerly Azure Active Directory) tenant. This is your organization’s directory in Microsoft Entra ID.
-
Administrative access to the Entra ID tenant to configure SSO.
Note: If your organization is not registered with Microsoft Entra ID, you must set up an Entra ID tenant. This registration is required for making use of the SAML 2.0 features offered by Microsoft. For more details, visit Microsoft Entra here.
SSO information provided by Enable
To set up SSO with Enable, the following information is required for configuration on your end. Enable will provide the below SSO credentials.
SSO Credentials |
Description |
Entity ID |
The unique identifier for the SAML application in Enable. This is used to identify the application during login. |
Sign-on URL |
The SAML SSO URL where users are re-directed to start the login process. This is the same link as the SSO login URL for your users. |
ACS URL |
The URL where SAML assertions (login information) are sent after users have successfully logged in. Enable sends the SAML response to this URL to complete the login process. |
Logout URL |
The URL where users are redirected after logging out. This ensures that users are signed out from Enable and any other applications integrated with Microsoft Entra ID. |
Enable public service certificate |
The certificate used to securely send and verify login information. This ensures that SSO assertions are secure and can be verified by the application. |
Tip: If preferred, to simplify the configuration process, you can also request the Enable metadata XML file from Enable that includes all of the above credentials.
SSO steps you need to follow
The following instructions provide you with a step by step process to assist in the configuration of SSO for Enable, ensuring a seamless and secure integration process.
Step 1: Add Enable to Microsoft Entra ID
-
Navigate to Azure Active Directory.
-
Click on Identity and select Applications. Choose Enterprise Applications.
-
Click on + New Application.
-
Search for Enable application. If it is not in the gallery, you can add it manually.
-
Once created, you are re-directed to the new application Overview. Under the Manage section, click on Single sign-on.
Step 2: Configure SSO settings
-
Select SAML as the Single sign-on method.
-
Click on the pencil icon to Edit the Basic SAML configuration.
-
Configure the SSO credentials provided by Enable including the Entity ID, ACS URL, and Sign-on URL. Alternatively, click on Upload metadata file.
Step 3: Configure User Attributes and Claims (optional)
-
Click Add new claim to include additional user information required by Enable.
-
Enter the necessary details for the claim, such as the name.
Note: By default, Microsoft Entra ID sends basic information such as the user’s name, email, and unique ID to Enable. Further details may also be requested by Enable. For example, the user’s department or job title which can be added as custom claims.
Step 4: Configure SAML Signing Certificate
-
Click on SAML Signing Certificates.
-
Change the Signing Option to Sign SAML response. Click Save, and close the form. This ensures that the SAML response is signed with the certificate, providing an additional layer of security.
-
Under SAML Certificates, download the Certificate (Base64) to get your public certificate.
Tip: You have the option to download the Federation Metadata XML file to provide to Enable. This includes the certificate and all the credentials needed to set up SSO on Enable’s side.
Step 5: Assign Users and Groups
-
Navigate to Users and groups under the Manage section.
-
Click Add user/group to select the users or groups you want to assign to the application.
-
Click Assign.
What’s next?
Ready to verify that SSO is working? Learn more about testing and troubleshooting SSO here.