Skip to main content
How to configure SSO with Microsoft Entra ID (SAML)
Julia Voortman avatar
Written by Julia Voortman
Updated over a month ago

This document is a step-by-step guide to setting up Security Assertion Markup Language (SAML) SSO using Microsoft Entra ID (formerly Azure Active Directory).

Please note that SSO does not apply to the app, only to the Resolution Hub, and will therefore only be used to allow case managers and admins to access the resolution hub.

Getting started

  1. Log in to your Entra ID admin panel. You must have permission to access the admin panel to add the Vault Platform app to your list of applications.

  2. Search for Vault Platform in the Microsoft Entra Gallery:

  3. Select the Create button to initiate adding Vault Platform to your apps:

  4. On the Select a single sign-on method page, select SAML:

  5. On the Set up single sign-on with SAML page, select the Edit button for Basic SAML Configuration:

  6. In Vault, navigate to Administration > Authentication and choose Azure - SAML as your identity provider:

  7. Then, copy your consumer reply URL to your clipboard:

  8. Inside your SAML configuration settings, paste your reply URL in the Reply URL field in the following format and then select Save: https://vaultplatform.com/api/portal/sessions/saml/company-identifier

  9. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find Certificate (Base64) and select Download to download the certificate:

  10. Back inside the Resolution Hub, navigate back to the Administration > Authentication page. Using the details from the SAML setup page in Entra, enter your Issuer URI (the Identifier/Entity ID), SSO URL (the Login URL), and Certificate (the Base64 certificate):

    Your page should look something like this:

  11. Select Save and then confirm that you want to change the login method for all Resolution Hub users. Users currently logged in to Resolution Hub will not be logged out immediately, but will have to log in using Microsoft on their next session.

You’re done! All Resolution Hub users will now be authenticated by Entra ID SSO when they next log in.

To test your setup, open a new incognito web browser window and navigate the Resolution Hub login page and type in your email address. You should be redirected to Microsoft to complete sign-in. After authenticating with Entra ID, you should be logged in to Resolution Hub.

Troubleshooting

If you get a SAML auth error page while trying to log in to Resolution Hub, this is usually because:

  1. the Azure user you are trying to log in with has not been added to the Vault Platform application in Azure (check the Assignments tab)

  2. the email address you are using for your Azure user does not match a user email address in Vault Platform.

Finally, please double-check that you have used the correct Issuer URI, which you can find in Azure.

Need more help?

If you have problems or issues with Vault Platform and Entra ID, contact the Vault team [email protected] and we’ll work with you on it.

Did this answer your question?