
Azure Entra ID (Azure AD) – Employee synchronisation

 

Step 1: Create an Enterprise Application

  1. Go to https://entra.microsoft.com

  2. In the left menu, click "App registrations"

  3. Click "+ New registration"

  4. Select "Create your own application"

  5. Enter a name (e.g. Sadevio Employee SYNC)

  6. Click Register


Step 2: Client Secret

  1. In the new app, go to "Manage" -> "Certificates & secrets"

  2. Select "New client secret"

  3. Give it a name of your choice and an expiration date.

You will need to copy the "value" part to sadevio.

Step 3: Application permissions

  1. In the new app, go to "Manage" -> "API permissions"

  2. Select "Add a permission"

  3. Select Microsoft Graph

  4. Select Application permission

  5. Add permission User.Read.All

  6. Select "Add permission"

Now select "Grant admin consent for yourDomain.com"
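A check to run once the permission and admin consent are in place, as an added example that is not Sadevio's or Microsoft's code: it builds the OAuth 2.0 client-credentials token request that uses the client secret, then decodes an app-only token and compares its `roles` claim with User.Read.All. The tenant and client values and the sample tokens are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json

REQUIRED_ROLES = {"User.Read.All"}  # the application permission added above
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}  # Graph URI / app ID


def token_request(tenant_id, client_id, client_secret):
    """Return (url, form) for the client-credentials request the sync app makes."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
    return url, form


def decode_claims(access_token):
    """Decode the JWT payload without verifying the signature (diagnosis only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(claims):
    """Compare the app-only 'roles' claim with what the employee sync needs."""
    roles = set(claims.get("roles", []))
    return {"audience_ok": claims.get("aud") in GRAPH_AUDIENCES,
            "missing": sorted(REQUIRED_ROLES - roles),  # consent not granted yet
            "excess": sorted(roles - REQUIRED_ROLES)}   # more than the sync needs


def sample_token(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    ok = sample_token({"aud": "https://graph.microsoft.com", "roles": ["User.Read.All"]})
    broad = sample_token({"aud": "https://graph.microsoft.com",
                          "roles": ["User.Read.All", "Directory.ReadWrite.All"]})
    print(audit_roles(decode_claims(ok)))
    print(audit_roles(decode_claims(broad)))
```

A non-empty "missing" list on a real token means admin consent has not taken effect; a non-empty "excess" list means the registration holds more Graph permissions than the sync needs.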