Azure Active Directory (Azure AD), part of Microsoft Entra, is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.


Configure Azure AD SSO for

Here’s how to integrate with Azure Active Directory so that your users can automatically sign in to using their Azure AD accounts.

Step 1

Login to Azure portal and access the Azure Active Directory

Azure Portal

Step 2

Click on Enterprise Applications from the manage navigation


Step 3

Search for and select the application.
Azure Application Visibility
Note: If you don’t find it there, kindly click on “New Application” and search to add it to your account.

After selecting the application click on Create

Got Feedback

Step 4

Select Single Sign-on in the left menu and select ’SAML’


Click on the Edit button and click on Save

SAML based Sign on
SAML Configuration

Step 5

After saving, scroll down a bit and download the Federation Metadata XML in the SAML certificates.
SAML Certificates

Step 6

Now select Users and groups in the left menu, and click “Add user” to assign the app to the users.

Navigate to Settings from the left navigation panel.

Click on Integrations, On the Connectors page, Select the SAML SSO tab and click on the Azure AD Authorize button.


Click on Authorize Azure AD and paste Issuer ID and X509 certificate, then click “click Register button.

Register Azure Ad

Step 7

Once the app is assigned, the users can find the under My Apps. Clicking on the app would take them to their account.

SAML My Apps



Configure Azure AD SSO and User Provisioning using custom app creation

Step 1

Navigate to the Azure Portal Home Page and click on Enterprise Applications.


Step 2

Click on the New Application button.


Step 3

To start creating your own application, click the button. Name the application (for example, OKR Software), choose Integrate any other application (Non-gallery), and then click the “Create” button.


Step 4

Following the creation of the application, the Application Detail page will be displayed as shown below, and under Single sign-on and Provisioning options on the left menu, we must enter the SSO and SCIM Configuration Details.


Step 5

Navigate to Single sign-on -> SAML and enter the following details. Click on the Edit button of the Basic SAML Configuration Section.

Click on Add identifier and provide

US Region –

azure_us azure_us


EU Region –

azure_eu azure_eu

Click on Add reply URL and provide

US Region –

azure_us azure_us


EU Region –

azure_eu azure_eu



Step 6

Navigate to the Users and groups option in the left menu and click on Add user/group to add the required users and groups to the app.

Note : Nested Groups are not supported.


Step 7

Got to The assigned app ( OKR Software) will be listed here. Clicking on the App will redirect to the user’s Account.


Step 8

Navigate to the Provisioning option in the left menu and click on the Get started button.


Step 9

Choose Automatic under Provisioning Mode and enter the following information.

Tenant URL


rest-vm rest-vm


eu2-rest rest-vm

based on the region of your Application.

Secret Token

To generate the secret token in, go to Settings → Security → API Access and get the values of API Key and SCIM Key.

Form the Secret Token in the following format and provide it in the Secret Token field.


To verify the SCIM connection, click the Test Connection button. When the validation is successful, click the Save button in the top left corner.


Step 10

Navigate to the Provisioning option again and click on the Start Provisioning button.


Step 11 will create a user each time a user is assigned to this application. A user’s access to will be suspended if they are uninstalled from the App. will update every 45 minutes with the latest information.

The supported attributes are as follows,

  • First name
  • Last name
  • Email address
  • Active status
  • JobTitle
  • Department
  • Managers


1. If a department already exists in in either an enabled or disabled state, it will be merged. No duplicate departments will be created. The user sync to the department won’t take place if the department is disabled.

2. The department will be created as a new department if it does not already exist in

How do I disable the department and job title mapping fields?

In Azure AD SSO Click on Edit attribute mappings under Manage User Provisioning and select the Provision Azure AD users


Remove the job title and department attribute from the attribute mapping, and then click Save.