Setting up SSO on Microsoft Entra ID

These instructions are for reference only. When implementing a SAML integration, consider company-specific security policies and best practices. These instructions cover the configuration of SAML on the IdP's side and contain IdP-specific details. 

This article details how to set up an application in Microsoft Entra ID for an SSO setup with Haiilo.

Important: SSO Pre-Configuration Steps. If you are planning to allow users to self-select their own groups during onboarding, you must configure the "Can users self-register" and "Email domains" settings in Invitations & Registrations for each group before activating SSO. These settings remain active and govern which groups users can self-select during the onboarding process, even with SSO enabled. If you're using SCIM, you can ignore these settings.

1. Download the metadata from Haiilo

Only a Company Admin can set up Single Sign-On on Haiilo.

  1. On your Haiilo platform, go to Administration > Settings > Single Sign-On.
  2. Select Download metadata file.

2. Set up an application on Entra ID

You need admin rights in your Microsoft Entra ID account to create an application.

Create the application

  1. Log in to the Microsoft Azure Platform.
  2. Go to Microsoft Entra ID > Enterprise applications > New application.
  3. Select Create your own application.
  4. Give your app a name, e.g., Haiilo, and choose Non-gallery as the type.
  5. Select Create.

Define the basic configuration

  1. In your newly created application, go to Single Sign-On and select the SAML method.
     
  2. In the Basic SAML Configuration section, select Edit.
  3. Open the metadata file you downloaded from your Haiilo platform.
  4. Copy and paste the following values from the metadata file into Entra ID. You cannot upload the metadata file to Entra ID; the information has to be filled out manually.
    • In the Identifier (Entity ID) field in Entra ID, enter the entityID value from the metadata file.
    • In the Reply URL (Assertion Consumer Service URL) field in Entra ID, enter the Location value from the metadata file.
  5. Select Save, followed by Exit.

You do not need to edit any other settings in the configuration. All other fields, including the attributes and claims, can be left as is.


Assign users to the application

To ensure that your users can log in to Haiilo using SSO, they must be assigned to the application in Entra ID. You can assign all users during the setup process or at a later time closer to your launch date. However, during setup, you must assign at least one Company Admin who will complete the SSO setup in Haiilo.

  1. Go to Users and groups > Add user/group.
  2. Select the users or groups that you want to assign to the application.
  3. Select Assign.

Download the metadata

  1. In the SAML Certificates section, download the Federation Metadata XML.

3. Finalize the SSO setup on Haiilo

  1. Go back to Haiilo > Administration > Settings > Single Sign-On.
  2. Upload the metadata by selecting Upload metadata file.
  3. Then, select Test the configuration. You will be directed to test the login. If the login flow works and you can access Haiilo, the configuration has been successful.
    • If you receive an error from your identity provider, please ensure your account has been assigned to the application and you are allowed to access it.
  4. If everything works as expected, enable SAML by toggling the Enable SAML switch.
