Configuring SSO with Microsoft Entra ID

Microsoft Entra ID (previously referred to as Azure AD) is a cloud-based identity and access management service that allows your employees to access external resources. Microsoft Entra ID supports Single-Sign On (SSO) with Enable, to simplify and secure user authentication.

If you are interested in using SSO with Microsoft Entra ID but have not yet discussed your requirements with Enable, please reach out to the reach out to the Enable Support team.

This article will guide you through:

1. Requirements for integrating SSO with Microsoft Entra ID

2. SSO information provided by Enable

3. SSO steps you need to follow

Looking for something else?

• Looking to understand which users are logging in with SSO? Learn how to track SSO via the user activity log here.

• Alternatively, see our Help Center for more on SSO.

Requirements for integrating SSO with Microsoft Entra ID

In order to integrate SSO with Microsoft Entra ID for Enable, you must have:

• A Microsoft Entra ID (formerly Azure Active Directory) tenant. This is your organization’s directory in Microsoft Entra ID.

• Administrative access to the Entra ID tenant to configure SSO.

Note: If your organization is not registered with Microsoft Entra ID, you must set up an Entra ID tenant. This registration is required for making use of the SAML 2.0 features offered by Microsoft. For more details, visit Microsoft Entra here.

SSO information provided by Enable

To set up SSO with Enable, the following information is required for configuration on your end. Enable will provide the below SSO credentials.

Tip: If preferred, to simplify the configuration process, you can also request the Enable metadata XML file from Enable that includes all of the above credentials.

SSO steps you need to follow

The following instructions provide you with a step by step process to assist in the configuration of SSO for Enable, ensuring a seamless and secure integration process.

Step 1: Add Enable to Microsoft Entra ID

• Navigate to Azure Active Directory.

• Click on Identity and select Applications. Choose Enterprise Applications.

• Click on + New Application.

• Search for Enable application. If it is not in the gallery, you can add it manually.

• Once created, you are re-directed to the new application Overview. Under the Manage section, click on Single sign-on.

Step 2: Configure SSO settings

• Select SAML as the Single sign-on method.

• Click on the pencil icon to Edit the Basic SAML configuration.

• Configure the SSO credentials provided by Enable including the Entity ID, ACS URL, and Sign-on URL. Alternatively, click on Upload metadata file.

Step 3: Configure User Attributes and Claims (optional)

• Click Add new claim to include additional user information required by Enable.

• Enter the necessary details for the claim, such as the name.

Note: By default, Microsoft Entra ID sends basic information such as the user’s name, email, and unique ID to Enable. Further details may also be requested by Enable. For example, the user’s department or job title which can be added as custom claims.

Step 4: Configure SAML Signing Certificate

• Click on SAML Signing Certificates.

• Change the Signing Option to Sign SAML response. Click Save, and close the form. This ensures that the SAML response is signed with the certificate, providing an additional layer of security.

• Under SAML Certificates, download the Certificate (Base64) to get your public certificate.

Tip: You have the option to download the Federation Metadata XML file to provide to Enable. This includes the certificate and all the credentials needed to set up SSO on Enable’s side.

Step 5: Assign Users and Groups

• Navigate to Users and groups under the Manage section.

• Click Add user/group to select the users or groups you want to assign to the application.

• Click Assign.

What’s next?

Ready to verify that SSO is working? Learn more about testing and troubleshooting SSO here.