Using Microsoft Entra ID for SAML SSO

Configuration: DOC -> Administration -> Accounts -> SAML authentication

Before you can use Microsoft Entra ID for single sign-on with SAML, a few configuration steps are necessary.

You will need to copy some data during configuration. We recommend opening a text file in which you save the following information: redirection URL, content of the XML file, application ID, etc.

Please do the following:

1. Open the SAML authentication tab in the DOC under Accounts and create a new SAML configuration.

2. In the Identity Provider section, copy the redirect URL (or callback URL) for the identity provider settings into your text file.

   

3. Log in to your Azure portal and select Microsoft Entra ID in the Azure services.

4. Open the App registrations menu under Manage on the Overview start page and select New registration.

   

5. Register the application by entering a descriptive name and select the option [...] Single tenant under Supported account types. In the example below, the name is 'my-saml-configuration'. Also select the option Single-page application (SPA) under Redirect URI (optional) and then copy the redirect URL from your text file into the field outlined in green.

   Then click on the Register button.

   

6. Once the application has been created, you will be redirected to the App registrations start page. Select the Authentication menu item. Here you can check the redirect URL and adjust it if necessary. Check ID tokens (see figure) and save your settings.

   

7. Next, open the Token configuration menu item. Here you select Add optional claim.

   

8. Select the following options in the Add optional claim dialog:

   

9. Activate the Microsoft Graph e-mail authorization and then click on Add.

   

   This allows you to set the Graphs authorization directly via the wizard:

   

10. Once you have completed the above steps, click Overview again, which will take you back to the start page of your SAML app registration.

    

11. Here, click Endpoints. Various endpoint definitions are displayed.

    

12. Copy the URL to the XML file under Federation metadata document into your text file.

13. Return to the start page of your SAML app registration and copy the application (client) ID into your text file.

    

14. The configuration within Azure is now complete and you can now continue with the configuration in the DOC. To do this, go to the SAML authentication tab again (see Point 1).

15. In the Service Provider section, enter the copied Application ID from your text file under Entity ID of the service provider.

    

16. Finally, in the Identity provider metadata section, insert the URL from your text file and click Import.

    

17. Make sure that you have set SAML as the active provider by ticking the Active box.

    

18. Save your SAML configuration.

19. Optional: If you want to use the Microsoft Entra ID integration in addition to the SAML configuration, you can link the SAML configuration you have just created with your Microsoft Entra ID configuration to enable logins via group memberships.