Azure Entra ID (Azure AD) – SAML SSO Configuration Guide
Step 1: Create an Enterprise Application
-
In the left menu, click "Applications" → "Enterprise applications"
-
Click "+ New application"
-
Select "Create your own application"
-
Enter a name (e.g.
Sadevio Visitor SSO
) -
Choose "Integrate any other application you don't find in the gallery"
-
Click Create
Step 2: Configure SAML-based Sign-On
-
In the new app, go to "Single sign-on"
-
Select SAML as the sign-on method
-
Fill out the Basic SAML Configuration with the following values:
Field | Value |
---|---|
Identifier (Entity ID) | https://cloud.sadevio.com/sadevio_module/api/localhost/saml/{tenant_id} |
Reply URL (ACS URL) | https://cloud.sadevio.com/sadevio_module/api/localhost/saml/callback?tenant= |
Sign on URL | https://cloud.sadevio.com |
Relay State (Optional) | (Leave empty) |
Logout URL (Optional) | https://cloud.sadevio.com/adevio_module/api/localhost/saml/logout?tenant= |
💡 You can copy and paste these values from the configuration form inside the Sadevio admin panel.
Step 3: Configure User Attributes & Claims
-
Click Edit under Attributes & Claims
-
Ensure the following claims are included (default setup should already have them):
-
email
→ user’s email address -
givenname
→ user’s first name -
surname
→ user’s last name -
name
oruserprincipalname
→ unique identifier (used as NameID)
-
ℹ️ The NameID
claim should ideally be set to the user’s email address (you can adjust this in "Unique User Identifier").
Verification certificates.
On the sadevio platform, you can download the certificate to sign the authentication request. Download the certificate and upload it to entra.microsoft.com
Select "Require verification certificats" and upload the sadevio certificate
Step 4: Download Certificate and SSO URL
-
Under SAML Signing Certificate, download the following:
-
Certificate (Base64) – This is the X.509 Certificate
-
-
Also copy the Login URL – This is the Azure SSO URL
-
(Optional) Copy the App Federation Metadata URL – used if you want dynamic configuration
Step 4: Download Certificate and SSO URL
-
Under SAML Signing Certificate, download the following:
-
Certificate (Base64) – This is the X.509 Certificate
-
-
Also copy the Login URL – This is the Azure SSO URL
-
(Optional) Copy the App Federation Metadata URL – used if you want dynamic configuration
Step 6: Assign Users
-
In Azure, go to the Users and groups section of the Enterprise App
-
Click + Add user/group
-
Select the users or groups who should be able to sign in using SSO
-
Click Assign