How Does It Work?
Note:
The integration does not currently support Just In Time (JIT) provisioning or SCIM. Users will still need to be manually provisioned through the Findem platform.
Setup in Entra ID
- As the Microsoft Admin user, get started by heading to your Entra Admin Console. Head to Enterprise Applications > All Applications > New Application.
- Click Create your own application.
- Create an application name, preferably FindemPortalSSO or something that's easy to recognize. Then select Integrate any other application you don't find in the gallery (Non-gallery).
- From the Overview tab, choose Set up single sign on.
- Select SAML.
- You'll need to configure the Basic SAML Configuration by providing the Identifier (Entity ID) and Reply URL. To do so:
- Click the ellipsis (...) and enter the following values for Add identifier and Add reply URL:
- Identifier/Entity ID: https://matches.findem.ai/auth/saml/callback
- Reply URL: https://matches.findem.ai/auth/saml/callback
- Set the Attribute & Claims section as shown in the image below. Note that user.mail and user.userprincipalname are required for successful authentication. Also, the emailaddress attribute is now just email.
- On the same page, scroll down and copy & paste/download the following information. This will all be required shortly when finishing the integration from within Findem:
- App Federation Metadata URL
- Certificate (Base 64)
- Microsoft Entra Identifier
- Head to the Properties tab to find, copy & paste the User access URL. This is also going to be required shortly in Findem.
- Head to the Users and groups section to assign the correct users and/or groups for the SSO configuration.
Troubleshooting Authentication Errors
If users encounter authentication errors when logging in via Microsoft Entra SSO, this may be due to a mismatch between the authentication method being used and the method expected by the application.
The AADSTS75011 error specifically indicates that the authentication method used (such as MFA or FIDO) does not match the method requested by the application (like password-based login).
To resolve these issues:
- Try logging in with a standard password.
- Consult with your application administrator to verify supported authentication methods.
- Ensure authentication requirements are properly aligned between Findem and Microsoft Entra ID.
Connect Entra ID from Within Findem
Note:
The Microsoft Admin user will also need Findem Admin access in order to complete the integration steps.
- As the Microsoft Admin user, in Findem, navigate to Admin > Organization Settings.
- From the Security tab, click Connect SAML SSO. Enter the appropriate values you received from Entra ID.
- Issuer: This is the Microsoft Entra Identifier you copied and pasted from Entra
- EntryPointURL: This is the User access URL you copied and pasted from Entra
- SSO Provider: Azure Active Directory
- Authorization Context: Leave blank
- CERT Data: This is the Base 64 certificate you downloaded from Entra. Upload the file here
- MetaDataUrl: This is the App Federation Metadata URL you copied from Entra
- Click Save.
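Before saving, the values collected from Entra can be cross-checked against each other. The following is an added example, not code from Findem or Microsoft: it parses the federation metadata XML and confirms that the Issuer equals the metadata's entityID and that the downloaded Base 64 certificate is one of the signing certificates the metadata advertises. The function names, the tenant ID and the certificate bytes are constructed for illustration.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CERT_PATH = ("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']"
             "/ds:KeyInfo/ds:X509Data/ds:X509Certificate")

def fingerprint(cert_text):
    """SHA-256 over the decoded certificate bytes; accepts PEM or bare Base64."""
    body = re.sub(r"-----[A-Z ]+-----|\s+", "", cert_text)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def check_sso_values(metadata_xml, issuer, cert_file_text):
    """Return a list of mismatches between the metadata and the values to enter."""
    # Parse only metadata fetched from your own tenant's metadata URL.
    root = ET.fromstring(metadata_xml)
    problems = []
    if root.get("entityID") != issuer:
        # Exact string match: a missing trailing slash is already a mismatch.
        problems.append("Issuer differs from metadata entityID %r" % root.get("entityID"))
    advertised = {fingerprint(el.text) for el in root.findall(CERT_PATH, NS)}
    if fingerprint(cert_file_text) not in advertised:
        problems.append("certificate file is not a signing certificate in the metadata")
    return problems

# Constructed sample data: placeholder tenant ID and bytes that are not a real certificate.
ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
CERT_B64 = base64.b64encode(b"constructed sample, not a real certificate").decode()
METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="{ISSUER}">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""
PEM_FILE = f"-----BEGIN CERTIFICATE-----\n{CERT_B64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(check_sso_values(METADATA, ISSUER, PEM_FILE))              # matching values
    print(check_sso_values(METADATA, ISSUER.rstrip("/"), PEM_FILE))  # Issuer typed without slash
```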