Create an Application for SSO in Azure
To use Azure as your identity provider while using single sign-on, configure the correct settings for your app integration.
Refer to Microsoft's Enable single sign-on for an enterprise application documentation.
- Open the Azure Portal.
- Navigate to Microsoft Entra ID.
- Click Enterprise applications.
- Click New application.
- Click Create your own application.
- Enter a name for the application and select Integrate any other application you don’t find in the gallery (Non-gallery). The Overview page for the newly created application will open automatically.
- Click the Set up single sign-on tile.
- Click the SAML tile.
- In the Basic SAML Configuration, click the Browse icon, then Edit.
- In the Identifier (Entity ID) field, enter any URL (it will be replaced with the correct parameter later on).
- Enter the same value in the Reply URL (Assertion Consumer Service URL) field.
- Click Save.
- In the Set up Application section, note the Microsoft Entra Identifier. This is the Identity Provider Issuer in the Own Data Platform.
- In the SAML Certificates section, click the Browse icon, then Edit.
- Under Signing Option, select Sign SAML response.
- Click Save, then close the form.
- Download the PEM certificate.
- Enter these values in the corresponding fields in the Own Data Platform. (Optional: To enable SP-Initiated sign in, enable the SP-Initiated checkbox, copy the User access URL value from the Entra ID application Properties and paste it into the IdP SSO URL field.) Click Next. It may take a few minutes to verify your settings.
- Once your settings are verified, the IdP Parameters will be displayed.
To configure your IdP via XML:
- Click Download XML File.
- In the Azure portal, on the app’s Single sign-on page, click Upload metadata file. Upload the XML file downloaded from the Own platform and click Add. The Basic SAML Configuration settings will populate automatically. Click Save.
- In the Azure portal, in the Basic SAML Configuration, click the Browse icon, then Edit.
- Enter the Default RelayState from the Own Platform into the Relay State field.
- Click Save.
To configure your IdP manually:
- In the Azure portal, in the Basic SAML Configuration, click the Browse icon, then Edit.
- Enter the IdP Parameters from the Own Data Platform in the corresponding fields:

| Parameter in Own | Parameter in Microsoft Entra ID |
| --- | --- |
| Audience URI (SP Entity ID) | Identifier (Entity ID) |
| Single Sign-On URL | Reply URL (Assertion Consumer Service URL) |
| Default RelayState | Relay State |

- Leave the Sign on URL field blank.
- If a field holds multiple values, select the value from Own as the Default. You can remove the other values so that the default is selected automatically and to avoid confusion.
- Click Save.
- In the Attribute & Claims section, click Edit.
- Under Required Claim, click Unique User Identifier (Name ID).
- In the Source attribute dropdown list, select user.email.
- Click Save.
- If you have IPs allowlisted, navigate to the application's Networking settings and, under the Exception section, enable Allow Trusted Microsoft Services to bypass this firewall.
- Scroll down to the Test single sign-on section and click Test. The application properties will be displayed.
- Copy the User access URL, paste it into your browser's address bar, and press Enter.
You should be successfully logged in to Own.
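
Before clicking Save in the Basic SAML Configuration, the values that the uploaded XML file populated can be cross-checked against the file itself. The script below is an added example, not code from Own or Microsoft: it reads a SAML service-provider metadata document and returns the values for the Entra ID fields in the table above. The sample metadata, its URLs and the `extra_reply_urls` key are constructed for illustration, and the layout of Own's actual XML file is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ENTITY_ID = "Identifier (Entity ID)"
REPLY_URL = "Reply URL (Assertion Consumer Service URL)"
# Constructed sample SP metadata; the entity ID and URLs are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://old.example.com/saml/acs"/>
    <md:AssertionConsumerService index="1" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def entra_fields(metadata_xml):
    """Map SP metadata to the Basic SAML Configuration fields in Entra ID."""
    # SAML metadata has no need for a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTDs are not expected in SAML metadata")
    root = ET.fromstring(metadata_xml)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    acs = root.findall(f"{MD}SPSSODescriptor/{MD}AssertionConsumerService")
    if not acs:
        raise ValueError("no AssertionConsumerService endpoint found")
    # Prefer the endpoint flagged isDefault, otherwise the lowest index.
    default = min(acs, key=lambda e: (e.get("isDefault") not in ("true", "1"),
                                      int(e.get("index", "0"))))
    return {
        ENTITY_ID: root.get("entityID"),
        REPLY_URL: default.get("Location"),
        # Hypothetical key: non-default endpoints to review or remove.
        "extra_reply_urls": [e.get("Location") for e in acs if e is not default],
    }

def problems(fields):
    """Return findings to resolve before saving the configuration."""
    found = []
    if not fields[ENTITY_ID]:
        found.append("Identifier (Entity ID) is empty")
    url = urlparse(fields[REPLY_URL] or "")
    if url.scheme != "https" or not url.netloc:
        found.append("Reply URL is not an absolute https URL")
    if fields["extra_reply_urls"]:
        found.append("extra Reply URLs present; keep only the value from Own")
    return found
```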

