
Setting Up SSO with Microsoft Entra ID

This guide walks through configuring Microsoft Entra ID (formerly Azure Active Directory) as your SAML SSO provider for Auxia.

Prerequisites

Before you begin, confirm you have the following:

If you don't have the ACS URL and SP Entity ID yet, contact your Auxia representative before proceeding.


Step 1: Create an Enterprise Application

  1. Log in to the Microsoft Entra admin center.
  2. In the left sidebar, expand Identity > Applications > Enterprise applications.
  3. Click New application.
  4. Click Create your own application.
  5. Enter a name for the application (e.g., Auxia).
  6. Select Integrate any other application you don't find in the gallery (Non-gallery).
  7. Click Create.

Step 2: Configure SAML

  1. From your new application's overview page, click Single sign-on in the left sidebar.

  2. Select SAML as the sign-on method.

  3. In the Basic SAML Configuration section, click Edit.

  4. Fill in the following fields:

    Field | Value
    Identifier (Entity ID) | Paste the SP Entity ID provided by Auxia
    Reply URL (Assertion Consumer Service URL) | Paste the ACS URL provided by Auxia
  5. Click Save.


Step 3: Verify Attribute Mappings

  1. In the Attributes & Claims section, click Edit.

  2. Confirm the following claim mappings are present:

    Claim | Source attribute
    Email address | user.mail
    Given name | user.givenname
    Surname | user.surname
    Name | user.userprincipalname
  3. Ensure namespace values end in /claims.

  4. Click Save if you made any changes.


Step 4: Assign Users and Groups

  1. In the left sidebar, click Users and groups.
  2. Click Add user/group.
  3. Select the users and groups who should have access to Auxia.
  4. Click Assign.

Note: Only users assigned here will be able to authenticate to Auxia via SSO.


Step 5: Copy the Metadata URL

  1. Return to the Single sign-on page for your application.
  2. Scroll to the SAML Signing Certificate section.
  3. Copy the App Federation Metadata URL.

Step 6: Share the Metadata URL with Auxia

Send the App Federation Metadata URL to your Auxia representative. They will use it to complete the SSO connection on the Auxia side.

Once your Auxia representative confirms the connection is active, your users will be able to log in to Auxia Console using their Microsoft credentials.


Troubleshooting

Users can't log in after setup

  • Confirm the user is assigned to the Entra ID application (Step 4).
  • Verify the ACS URL and SP Entity ID were entered correctly (Step 2).
  • Check that the attribute mappings are correct (Step 3).
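
The last two checks can be run against a decoded SAML assertion captured from your own test sign-in. The following is an added example, not Auxia or Microsoft code: the claim URIs are assumed to be Entra ID's default claim names (the page does not list them), the SP Entity ID and ACS URL are placeholders, and the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
# Step 3 mappings: claim short name -> Entra source attribute
REQUIRED = {"emailaddress": "user.mail", "givenname": "user.givenname",
            "surname": "user.surname", "name": "user.userprincipalname"}

def check_assertion(xml_text, sp_entity_id, acs_url):
    """Return a list of mismatches against Steps 2 and 3 (empty list = consistent).
    Configuration check only: it does not verify the assertion's signature."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if sp_entity_id not in audiences:
        problems.append(f"Step 2: Audience {audiences} lacks the SP Entity ID")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Step 2: Recipient {recipients} is not the ACS URL")
    sent = {}  # attribute name -> non-empty values actually sent by the IdP
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        sent[attr.get("Name", "")] = values
    for claim, source in REQUIRED.items():
        if sent.get(f"{CLAIMS}/{claim}"):
            continue
        # Same short name under another namespace points at the /claims rule
        stray = [n for n in sent if n.rsplit("/", 1)[-1] == claim]
        why = f"sent as {stray[0]}" if stray else f"absent or empty, check {source}"
        problems.append(f"Step 3: {claim} {why}")
    return problems

# Constructed sample: surname namespace lacks /claims; emailaddress is missing.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
<saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData
  Recipient="https://sp.example.invalid/saml/acs"/></saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://sp.example.invalid/entity</saml:Audience>
</saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="{CLAIMS}/givenname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/surname"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="{CLAIMS}/name"><saml:AttributeValue>ada@example.invalid</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion>"""

if __name__ == "__main__":
    base = "https://sp.example.invalid"
    print("\n".join(check_assertion(SAMPLE, f"{base}/entity", f"{base}/saml/acs")))
```

Only feed it assertions from your own tenant's test sign-ins, and treat a clean result as a configuration match rather than proof the assertion is authentic.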

The metadata URL isn't working

  • Make sure you copied the App Federation Metadata URL, not the Certificate download link.
  • If the URL has expired, regenerate the signing certificate and share the new metadata URL with your Auxia representative.

Need help?

Contact your Auxia representative or reach out to support@auxia.io.