Skip to main content

Azure AD Identity Provider

Connect ConfigCat with Azure Active Directory via SAML.


Each SSO Identity Provider requires specific information to configure a SAML integration. The following guide will walk you through on how you can connect ConfigCat with Azure Active Directory as a SAML Identity Provider.

1. Create an Azure AD Enterprise Application

  • Log in to the Azure Portal, go to the Azure Active Directory resource, and select Enterprise applications.

    Azure AD enterprise applications
  • Click on New application.

    Azure AD new application
  • Click on Create your own application.

    Azure AD create own application
  • Enter a descriptive App name, select the Integrate any other application you don't find in the gallery (Non-gallery) option, then click Create.

    Azure AD app name
  • On the Manage section of the application, select Single sign-on, then select SAML.

    Azure AD enable SAML

The next step will guide you on how to collect the information required for Configuring SAML in the application.

2. Configure SAML for the Azure Enterprise Application

  • Open your organization's authentication settings on the ConfigCat dashboard.

    ConfigCat authentication settings

    ConfigCat Add Identity Provider
  • Give a name for your Identity Provider, and click Create.

    ConfigCat Name Identity Provider
  • From the next section of the dialog, copy the following values and paste them into the Enterprise application.

    • Entity ID -> Identifier (Entity ID)

    • Assertion Consumer Service -> Reply URL (Assertion Consumer Service URL)

      ConfigCat SAML configurationAzure AD URL configurationAzure AD URLs

3. Configure ConfigCat with SAML Details from Azure

You can choose one of the following options to configure ConfigCat with SAML Identity Provider metadata.

  • Copy the value of App Federation Metadata Url.

    Azure AD metadata URL
  • Paste the copied value into the Metadata URL field at ConfigCat.

    ConfigCat Azure AD metadata URL
  • Select the trusted domains. Only user accounts from trusted domains can login with SAML SSO. You can bind multiple verified domains to a SAML Identity Provider.

    Select trusted domains
  • Click on Save.

4. Assign Users to the Enterprise Application

To let users authenticate via SAML, you need to assign individual users or groups to the Enterprise application.

  • Select Users and groups on the Manage section of the menu.

    Azure AD users and groups
  • Click Add user/group, then select the users or groups you want to assign.

    Azure AD add user/group

5. Sign In

  • Go to the ConfigCat Log In page, and click COMPANY ACCOUNT - SAML.

    ConfigCat SAML login
  • Sign in with your company email address assigned to the Enterprise application.

    ConfigCat SAML company login
  • ConfigCat will redirect you to Microsoft's sign in page. Type your credentials for sign-in.

    Azure AD sign in page
  • You should be redirected to ConfigCat signed in with your company account.

6. Next Steps