Skip to main content
Version: Config V2

Entra ID (Azure AD) Identity Provider

Connect ConfigCat with Entra ID via SAML.

Introduction

Each SSO Identity Provider requires specific information to configure a SAML integration. The following guide will walk you through how you can connect ConfigCat with Entra ID as a SAML Identity Provider.

1. Create an Entra ID Enterprise Application

  • Log in to the Azure Portal, go to the Entra ID resource, and select Enterprise applications.

    Entra ID enterprise applications

  • Click on New application.

    Entra ID new application

  • Click on Create your own application.

    Entra ID create own application

  • Enter a descriptive App name, select the Integrate any other application you don't find in the gallery (Non-gallery) option, then click Create.

    Entra ID app name

  • On the Manage section of the application, select Single sign-on, then select SAML.

    Entra ID enable SAML

The next step will guide you on how to collect the information required for Configuring SAML in the application.

2. Configure SAML for the Azure Enterprise Application

  • Open your organization's authentication settings on the ConfigCat Dashboard.

    ConfigCat authentication settings

  • Click ADD SAML IDENTITY PROVIDER.

    ConfigCat Add Identity Provider

  • Give a name for your Identity Provider, and click Create.

    ConfigCat Name Identity Provider

  • From the next section of the dialog, copy the following values and paste them into the Enterprise application.

    • Entity ID -> Identifier (Entity ID)

    • Assertion Consumer Service -> Reply URL (Assertion Consumer Service URL)

      ConfigCat SAML configuration Entra ID URL configuration Entra ID URLs

3. Configure ConfigCat with SAML Details from Azure

You can choose one of the following options to configure ConfigCat with SAML Identity Provider metadata.

  • Copy the value of App Federation Metadata Url.

    Entra ID metadata URL

  • Paste the copied value into the Metadata URL field at ConfigCat.

    ConfigCat Entra ID metadata URL

  • Select the trusted domains. Only user accounts from trusted domains can login with SAML SSO. You can bind multiple verified domains to a SAML Identity Provider.

    Select trusted domains

  • Click on Save.

4. Assign Users to the Enterprise Application

To let users authenticate via SAML, you need to assign individual users or groups to the Enterprise application.

  • Select Users and groups on the Manage section of the menu.

    Entra ID users and groups

  • Click Add user/group, then select the users or groups you want to assign.

    Entra ID add user/group

5. Sign In

  • Go to the ConfigCat Log In page, and click COMPANY ACCOUNT - SAML.

    ConfigCat SAML login

  • Sign in with your company email address assigned to the Enterprise application.

    ConfigCat SAML company login

  • ConfigCat will redirect you to Microsoft's sign in page. Type your credentials for sign-in.

    Entra ID sign in page

  • You should be redirected to ConfigCat signed in with your company account.

6. Next Steps