To set up single sign-on for Azure

Request SSO access from

Only account admins can request single sign-on access for their accounts.

To kick off this process, send an email to Write that you want to set up Azure SAML SSO for Include these items in the message:

The Support team will respond with the connection information you’ll need to give in Azure.

Add to Azure

Add a non-gallery application in Azure

In the Azure Portal, browse to Azure Active Directory > Enterprise Applications > New application > Non-gallery application.

In the right panel, set the Name to “” and click Add.

Click Configure Single Sign-On, and choose SAML-based Sign-on.

Paste the SAML information from Support

Add a non-gallery application in Azure

Fill in these details from the Support email message:

  • In Identifier (Entity ID), paste Audience URI from the email
  • In Reply URL (Assertion Consumer Service URL), paste Single sign on URL from the email
Zip the SAML certificate

In the SAML Signing Certificate section of the page, click the Certificate (Base64) download link (next to the certificate).

Download the certificate file and zip it. You’ll attach this zip file to your next email to the Support team.

Save your configuration.

Get your endpoint information

Browse to Azure Active Directory > App registrations > Endpoints.

Copy the SAML-P SIGN-ON ENDPOINT, and paste this in the email that you’ll send to the Support team.

Send your SAML details to

Draft a new email to Support, and include these items:

  • Your zipped certificate (from step 4)
  • Your SAML-P SIGN-ON ENDPOINT (from step 5)
Configure Azure to send user groups

Return to the App registrations page. If you don’t see, click View all applications.

Open the application, and then click Manifest. In the manifest JSON, set groupMembershipClaims to "All". Click Save (top of the page).

(Optional) Restrict access to specific user groups

Add group

By default, all Azure users with access can sign in to your accounts.

You can restrict this access from the Manage users page for each of your accounts. To do this, click Add group, and then paste your group’s Object ID from Azure. Do this for each group that should have access to this account.

Receive confirmation from Support

When Support has created your Azure + connection, you’re done! You can start logging in to through your Apps portal.