Setting up SSO on Microsoft Entra ID

These instructions are for reference only. Company-specific security policies and best practices should be considered when implementing a SAML integration. These instructions cover the configuration of SAML on the IdP's side and contain IdP-specific details. 

This article details how to set up an application in Microsoft Entra ID for an SSO setup with Haiilo.

The general instructions for setting up SSO on Haiilo can be found in the Setting up Single Sign On on Haiilo article. Please follow those instructions for the Haiilo part of the setup.

Set up an application on Entra ID

You need admin rights in your Microsoft Entra ID account to create an application.

Create the application

  1. Log in to the Microsoft Azure Platform.
  2. Go to Microsoft Entra ID > Enterprise applications > New application
  3. Select Create your own application
  4. Give your app a name, e.g., Haiilo, and choose Non-gallery as the type
  5. Select Create

Define the basic configuration

  1. In your newly created application, go to Single sign-on and select SAML as the method
  2. In the upper menu, select Upload metadata file and select the metadata file you downloaded from Haiilo. More information is available in Setting up Single Sign On on Haiilo.
    • Alternatively, if you want to add the information manually, you can find the Entity ID and Reply URL in the metadata file to copy-paste into Entra ID.

[Screenshot: uploading the Haiilo metadata in Entra ID to fill out the basic configuration]

Edit the claim mappings

  1. Select Edit in the Attributes & Claims settings
  2. Under Additional claims, edit the user.userprincipalname claim
  3. Remove the Namespace value and replace the Name value with exactly EmailAddress. This attribute is required for the SAML integration to work.
    • Microsoft tends to add the https://schemas... prefix to all attributes by default, but this should be removed. The attribute name should be only EmailAddress.
  4. Select Save
  5. Optionally, you can edit or remove the other attributes. The supported attributes are listed in Setting up Single Sign On on Haiilo.
  6. Exit the Attributes & Claims section

This is what the claim mapping should look like:

[Screenshot: claim mapping for EmailAddress on Azure]
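
To confirm the claim mapping after a test sign-in, the following added example (not part of Haiilo's or Microsoft's tooling) checks the attribute names in a captured SAMLResponse and reports any EmailAddress claim that still carries a namespace prefix or the wrong case. It assumes an unencrypted assertion sent over the HTTP-POST binding; the function names, the sample responses and the placeholder namespace are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
REQUIRED = "EmailAddress"  # exact attribute Name required by the claim mapping


def check_claims(saml_response_b64):
    """Return a list of problems with the attribute names in a SAMLResponse.

    Input is the base64 SAMLResponse form value from your own test sign-in.
    The signature is NOT verified; this only inspects attribute names.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems, found = [], False
    for attr in root.iter(SAML + "Attribute"):
        name = attr.get("Name", "")
        values = [(v.text or "").strip() for v in attr.iter(SAML + "AttributeValue")]
        if name == REQUIRED:
            found = True
            if not any(values):
                problems.append("EmailAddress is present but has no value")
        elif name.rsplit("/", 1)[-1].lower() == REQUIRED.lower():
            # Same claim, but the Namespace was left in place or the case differs.
            problems.append(f"rename {name!r} to exactly {REQUIRED!r}")
    if not found:
        problems.append("no attribute named exactly 'EmailAddress'")
    return problems


def sample_response(attrs):
    """Build a constructed, unsigned SAMLResponse (base64) for the demo."""
    body = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        "</saml:Attribute>" for n, v in attrs)
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f"<saml:AttributeStatement>{body}</saml:AttributeStatement>"
           "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()


# Constructed samples; the namespace is a placeholder, not Microsoft's real prefix.
GOOD = sample_response([("EmailAddress", "jane.doe@example.com")])
BAD = sample_response(
    [("https://schemas.example.invalid/claims/EmailAddress", "jane.doe@example.com")])

if __name__ == "__main__":
    for label, resp in (("good", GOOD), ("bad", BAD)):
        print(label, check_claims(resp) or "OK")
```

An empty result means the EmailAddress attribute is named and populated as the mapping above requires.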

Assign users to the application

To ensure that your users can log in to Haiilo using SSO, they must be assigned to the application in Entra ID. You can assign all users during the setup process or at a later time closer to your launch date. However, during setup, you must assign at least one Company Admin who will complete the SSO setup in Haiilo.

  1. Go to Users and groups > Add user/group
  2. Select the users or groups that you want to assign to the application
  3. Select Assign

Download the metadata

  1. In the SAML Certificates section, download the Federation Metadata XML
  2. Go back to Haiilo and finish setting up the connection. Instructions can be found in Setting up Single Sign On on Haiilo.
