Skip to main content
All CollectionsSecurity and IntegrationsSSO
Setting up SSO with Microsoft Entra
Setting up SSO with Microsoft Entra

Step-by-step guide on how to setup SSO in your Microsoft Entra IdP.

Max Agha avatar
Written by Max Agha
Updated over 6 months ago

Here is a step-by-step guide on how to setup Sana as a SAML 2.0 application in Microsoft Entra.

SSO Configuration with Microsoft Entra

To configure SSO, you need one of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal (read more here).

  1. In the Azure portal, find the Manage section. Select “Single-sign on”

  2. On the Select a single sign-on method page, select SAML.

3. In the Basic SAML Configuration step enter the following info (Replace DOMAIN with your actual Domain at Sana):

4. In the Attributes & Claims step, make sure email, firstName and lastName are configured as attributes. Ensure that the format follows the same below, otherwise the accounts will not be created through the SAML request.

⚠️ Ensure that the namespace for each attribute is blank.

5. In the Set up single sign-on with SAML step, in the SAML Signing Certificate section, select Download to download the Certificate (Base64) from the specified options. You will need to provide this in a later step.

6. On the Set up step, copy the values from Login URL & Azure AD Identifier fields. You will need these at the next step

7. Provide your Sana Integrations Specialist / Engagement Manager with all the information here:

  • Login URL

  • Azure AD Identifier

  • Certificate (Base64)

8. We will set your Sana app with this configuration. Once this is done, you can test the setup using the Test single sign-on through your Identity Provider:

Troubleshooting Common Issues

1. No attribute value for email, firstName, or lastName

This means that the SSO configuration is not correctly setup. It's either the attribute is not in the same format (email could be Email) or there is a namespace in the attribute. Kindly double-check Step 4 above.

Our standard format for attributes are:

  • email

  • firstName

  • lastName

2. User is not assigned to the application

This means that your company's IT team has not added you to your company's Microsoft Entra Sana application. To resolve this, you'll just need to ask your company's IT team to add you to the Sana application in Microsoft Entra.

Did this answer your question?