Azure AD SAML Auth Integration


🔹 Tasks to Perform on Azure

1. Azure Tenant Configuration

Ensure that Microsoft Entra ID configurations are enabled in the tenant where the setup will be performed.

For Azure configurations: Supportive Video from Okta Support Center


2. Create an Application

  • Go to Enterprise Applications.
  • Click New Application.
  • In the window that opens, click Create your own application and fill in the required form.
  • Once the application is created, go to the Overview screen and click Set up Single Sign-On.

3. Single Sign-On (SSO) Configuration

Select SAML as the Single sign-on method.
On the page that opens, fill in the following fields:

  • Identifier (Entity ID): Address of your Identity application (e.g., for cloud AWS Ohio: https://identity.ca.useast.knovvu.com/)
  • Reply URL (Assertion Consumer Service URL): Address of your Identity Server
    (e.g., for cloud AWS Ohio: https://identity.ca.useast.knovvu.com/account/saml-signin?tenantId={tenantId})
    Note: The tenantId can be checked from the Host Tenant.

After filling in these fields, click Save.


4. SAML Certificate

  • Go to the SAML Certificates section and download the certificate in Base64 format.
  • Upload the certificate to MinIO under the tenant’s bucket, following this example path:
    knovvu-ca/tenantname/3a14a5e4-499f-02e1-b500-1733b818c414/saml-certificate/saml.cert
  • Rename the file to saml.cert.
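
A pre-upload check for the downloaded file, as an added example that is not part of the original guide or of the product: it confirms the file is a single Base64 (PEM) certificate with no private key and returns the SHA-1 thumbprint to compare against the Thumbprint shown in Azure's SAML Certificates section. The function names and the sample input are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def der_length_ok(der: bytes) -> bool:
    """True if der is one DER SEQUENCE whose declared length fits exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_saml_cert(data: bytes) -> str:
    """Validate a Base64 (PEM) certificate file; return its SHA-1 thumbprint."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("not Base64/PEM text (binary DER download?)")
    if "PRIVATE KEY-----" in text:
        raise ValueError("file contains a private key; do not upload it")
    blocks = PEM_BLOCK.findall(text)
    labels = [label for label, _ in blocks]
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected exactly one CERTIFICATE block, got {labels}")
    der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    if not der_length_ok(der):
        raise ValueError("certificate body is truncated or not DER")
    return hashlib.sha1(der).hexdigest().upper()


def constructed_sample() -> bytes:
    # Constructed placeholder, NOT a real certificate: a 5-byte DER SEQUENCE.
    body = base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, 0x01])).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n".encode()


if __name__ == "__main__":
    print("Thumbprint:", check_saml_cert(constructed_sample()))
```

To check a real download, pass the file's bytes to check_saml_cert and compare the result with the portal value before uploading to MinIO.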

5. Login URL Information

Copy the Login URL value from the Azure portal.
This URL will be required for configuration in the CA system.


🔹 Tasks to Perform on CA

6. Enable the External Login Feature

Activate the External Login feature in the tenant where the SAML integration will be configured.

  • Log in with the Host Tenant.
  • Go to SaaS > Tenants.
  • Click Features under Actions for the relevant tenant.
  • Enable the External Login feature.

7. Define and Test Azure Login URL

  • Go to Administration > Settings > Other > External login.
  • Enable the External Login option.
  • Paste the Login URL copied from Azure into the saml server end point field.
  • Enter the web address into the Saml response default redirect end point field (e.g., https://ca.eu.knovvu.com/).
  • Ensure a user already exists in the CA system with the same email address as on Microsoft’s side.
  • Then, open the CA Login screen in an incognito window.
  • Switch to the relevant tenant and test the enabled SAML login.
  • Verify that the login is successfully redirected through Azure.

✅ Summary

| Step | Action | Location |
|------|--------|----------|
| 1 | Enable Microsoft Entra ID configurations | Azure |
| 2 | Create a new Enterprise Application | Azure |
| 3 | Configure SSO (SAML) settings | Azure |
| 4 | Download and upload the certificate to MinIO | Azure & MinIO |
| 5 | Copy the Login URL | Azure |
| 6 | Enable the External Login feature | CA |
| 7 | Open CA login in incognito, switch tenant, and test External Login | CA & Azure |