SSO with Microsoft Entra ID
Learn how to establish Single Sign-On (SSO) with Microsoft Entra ID.
Microsoft Entra ID, formerly Azure Active Directory (Azure AD), is a cloud-based identity and access management service. It allows organizations to manage users and groups, facilitating secure access to internal and external resources. Microsoft Entra ID supports SAML 2.0.
This guide outlines the steps to configure SSO using Microsoft Entra ID.
You must be an Account Owner or Administrator on ComplyCube and have administrative permission on Entra ID to set up SSO.
ComplyCube does not send an email confirmation when the SSO setup is complete.
Setup steps
1. Create an Azure account
The first step is to create an account with Microsoft Azure. When this guide was written, Microsoft Entra ID offered a free trial account to assist with the initial setup.
You can follow their instructions to register an account.
2. Register an application
Once your account is set up, you can go to the Azure portal and log in with your account.
Search for "Microsoft Entra ID" on the top navigation panel, and select the service.
Go to Enterprise applications -> New application.
Select Create your own application, name your application "ComplyCube", select the Non-gallery option, and click Create.
3. Configure SAML-Based SSO
Select your newly created application under Enterprise applications.
Then, under Manage, in the application's left navigation menu, select Single sign-on and choose SAML as the method.
Now, set up the Basic SAML Configuration using values from your ComplyCube SSO settings page:
Identifier (Entity ID): An identifier for the application. Use the value of Audience from ComplyCube.
Reply URL (Assertion Consumer Service URL): The location where Microsoft Entra ID sends SAML responses. Use the ACS Consumer URL from ComplyCube.
Sign-on URL: URL where users will sign in. Use the ACS Consumer URL from ComplyCube.
The next step is to configure your Attributes & Claims settings. Ensure the following Attribute Statements are mapped in Microsoft Entra ID: 'firstName', 'lastName', and 'email'. ComplyCube uses them to update the user profile details on every login.
Click Edit on SAML Certificate and download the Certificate (Base64).
Edit the Token signing certificate and ensure the Signing Option is "Sign SAML Response and assertion".
4. Update SSO settings in ComplyCube
Now you can go to your ComplyCube SSO settings page, update the Sign-In URL, and upload your Signing Certificate (i.e., the X.509 certificate downloaded in step 3).
You can find the Sign-In URL in the Single Sign-On section of your Application in Microsoft Entra ID.
5. User and Group Assignments
Once the application is added and SSO is set up, the next step is to assign Microsoft Entra ID users or groups to the application. We recommend that assignments be made at a group level.
Under Users and Groups, select Add user/group to add the users or groups that should have access to this application in Microsoft Entra ID.
Once the assignment is complete, you can log in to the ComplyCube Web Portal using SSO through Microsoft Entra ID.
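To confirm the step 3 settings on a test login, the added example below (not ComplyCube or Microsoft code) inspects a base64-decoded SAML response for the three attribute names, the Audience, the Reply URL, and the presence of a signature on both the Response and the Assertion. The function name, URLs, and sample XML are assumptions constructed for illustration; signatures are checked for presence only, not cryptographically verified.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED_ATTRS = {"firstName", "lastName", "email"}  # attribute names from step 3

def check_saml_response(xml_text, audience, acs_url):
    """List configuration problems in a decoded SAML response (offline diagnostics only)."""
    problems = []
    resp = ET.fromstring(xml_text)
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element (encrypted or missing)"]
    if resp.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    if resp.get("Destination") != acs_url:
        problems.append("Destination does not match the Reply URL")
    audiences = {a.text for a in assertion.iterfind(".//saml:Audience", NS)}
    if audience not in audiences:
        problems.append("Audience does not match the Identifier (Entity ID)")
    names = {a.get("Name") for a in assertion.iterfind(".//saml:Attribute", NS)}
    problems += [f"missing attribute: {n}" for n in sorted(REQUIRED_ATTRS - names)]
    return problems

# Constructed sample: placeholder URLs, only the Assertion carries a (stub) signature,
# and the e-mail claim still uses Entra's default long name instead of 'email'.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://sp.example.test/acs">
 <saml:Assertion><ds:Signature/>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>urn:example:sp</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="lastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><saml:AttributeValue>ada@example.test</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for p in check_saml_response(SAMPLE, "urn:example:sp", "https://sp.example.test/acs"):
        print(p)
```

Pass the Audience and ACS Consumer URL values from your own ComplyCube SSO settings page in place of the placeholders.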