Microsoft Entra ID (Azure AD)

Step by step guide on how to configure Azure AD SSO
Summary - Integrating with Okta SSO

Create application in Azure

Go to Home -> Enterprise applications -> Create your own application.

Set up SSO in Azure and configure8

After the application is created, enter it and go to the Single Sign-on menu and select SAML:
In the Azure Single Sign On configuration, edit the step 1 and add:
  1. 1.
    Identifier as "" .
  2. 2.
    Get your "Organization ID" value from configure8 application in: Settings -> Organization -> Organization ID. Should be a hash string for instance: "7c4b66c9-22db-r2d2-8cea-126e781a5d42" .
    • Set the Reply URL as "", replacing with your Org ID.
  3. 3.
    Index as "1". We will verify this in the end after generating metadata on configure8 interface.
  4. 4.
Copy the Login URL from step 4:
Go to configure8 SSO menu (Settings->Organization->SSO->Setup) and paste it on the Login URL.
Download the Certificate (Base64) in step3:
Open the certificate in a text editor. Be sure the copy the whole content, including the BEGIN and END certificate lines, like this:
Some text editors can change the formatting of the file while opening it. We have seen problems using Windows Notepad to copy this information. In that case, we recommend using VS Code or other programming text editor.
Go to configure8 SSO menu (Settings->Organization->SSO->Setup) and paste it on the Signing Certificate:
After saving, you will be provided with a Sign-on URL for your users to login:
You are also provided with the metadata when clicking in the Generate Metadata.
Double check the entityID, Location and index, should be the same you provided in the Azure Step 1 - Identifier, Reply URL and Index. In case values are different, go into Azure configuration Section 1 and update there.
The other highlighted field emailAddress is showing that the "Unique user identifier" field have to be the email, as we are going to see in the next section.
All done in the general set up. Next step is to set up User Attributes.

Set up User Attributes

Edit the section 2 - Attributes & Claims:
As showed in the metadata we saw in the above section, the Unique User Identifier (Name ID) should be the Email Address:
For configure8 SSO the following Additional claims values must be created:
Make sure you don't have a namespace defined for the email, FirstName and LastName new claims, like this:
  • Other attributes mapping may be enable by default in your organization. That won't affected configure8.
  • Each organization may have FirstName, LastName and email mapped in different fields. That should be changed to reflect your org settings in Azure AD.
Copyright © 2023 configure8, Inc. All rights reserved.