Microsoft Entra ID

​

Enabling SAML

In order to enable SAML using Microsoft Entra ID (Previously Azure AD SSO), we need the following steps to be taken:

• Go to the Microsoft Entra portal
• On the left, choose Applications → Enterprise Applications

• Click on “New Application”

• Click on “Create your own application”

• Choose the last option in the side-window that opens and click “Create”

• In the App window that opens, click on “Single Sign-On”

• Choose SAML

• Click on Edit on the “Basic SAML Configuration” section

• Fill the following entries:
  • Identifier (Entity ID) - elementary
  • Reply URL - https://elementary-data.frontegg.com/auth/saml/callback
• Download the Federation Metadata XML and send it to the Elementary team.

• We recommend setting up a short call where we’ll validate together that the new configuration works.
• After that, if you wish, we can disable until you update your team internally about the new configuration and update when you give us the OK!

​

Provisioning

Elementary supports user provisioning via SCIM to automate user management. If you want to enable automatic provisioning, follow these steps:

• In the Microsoft Entra portal, go to Enterprise Applications and select the newly created SAML application.
• Navigate to Provisioning and click Get Started.
• Set the Provisioning Mode to Automatic.
• Configure the Tenant URL and Secret Token (email the Elementary team for a 1password vault with the configuration).
• Click Test Connection to validate the setup.
• Enable provisioning and save changes.

This setup ensures that users are automatically created, updated, and deactivated in Elementary based on their status in Microsoft Entra ID. You can always reach out if you need any help.