Microsoft Azure SSO

Adding SaaS Management to your Azure SSO

You can easily access SaaS Management by adding the application to your Azure SSO. To add SaaS Management to your SSO, you must create a new SAML application and configure your SSO. To perform these actions, you must have an Azure AD account with one of the following permissions:

  • Global Administrator
  • Cloud Application Administrator
  • Application Administrator
  • Owner of the service principal

Creating a new app

  1. Log in to your Microsoft Azure AD account with the required permissions.
  2. On the home page, enter "enterprise applications" in the search bar. Under Services, select Enterprise applications.

  3. On the Enterprise Applications page, select + New Application.

  4. In the Azure AD Gallery, select + Create your own application.
  5. In the Create your own app window, name your new app "SailPoint SaaS Management".

  6. Select Integrate any other application you don't find in the gallery (Non-gallery).

  7. At the bottom of the window, select Create to create your new app.

Use the Overview page to finish setting up the application.

Configuring SSO

  1. On the Overview page, select Single sign-on from the navigation menu.
  2. On the Single sign-on page, select SAML.



  3. On the SAML-based Sign-on page, go to the Basic SAML Configuration section. Select Edit.

  4. Open a new tab in your browser and go to SaaS Management. In the bottom left-hand corner of the page, select Settings.

  5. Under Configuration, select SAML Settings. On the SAML Settings page, find the Audience and Recipient URL.



  6. Copy the Audience from SaaS Management and paste it into the Identifier (Entity ID) field in the Basic SAML Configuration window in Azure.

    Note

    Delete any pre-populated Identifier values in Azure.

  7. Copy the Recipient URL from SaaS Management and paste it into the Reply URL (Assertion Consumer Service URL) field in the Basic SAML Configuration window in Azure.

  8. Select Save.

  9. On the SAML-based Sign-on page in Azure, go to the Set up SailPoint SaaS Management section.

  10. Select the Copy icon to copy the Login URL and paste it into the Sign In URL field on the SAML Settings page in SaaS Management.

  11. Select the Copy icon to copy the Logout URL in Azure and paste it into the Sign Out URL field on the SAML Settings page in SaaS Management.

  12. In Azure, go to the SAML Signing Certificate section on the SAML-based Sign-on page. Download Certificate (Base64).

    Open the file in any text editor and copy the certificate. Go to the SAML Settings page in SaaS Management. Paste the certificate into the Certificate field.

  13. On the SAML Settings page, select Add SSO Connection.

Your organization now has SAML SSO enabled, and every user can sign in to SaaS Management using SSO. You can also select SSO Required on the SAML Settings page to require all users within your organization to sign in with SSO.
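A check for step 12 of Configuring SSO, added here as an example and not taken from SailPoint or Microsoft: before pasting the certificate into the Certificate field, confirm that the copied text is one complete certificate and that its SHA-1 thumbprint matches the Thumbprint Azure shows in the SAML Signing Certificate section. The function names and the sample input are assumptions made for illustration; the sample is a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder, NOT a real certificate: a DER SEQUENCE header
# followed by 256 zero bytes, wrapped like a Certificate (Base64) download.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")


def certificate_der(text):
    """Return the DER bytes of the single certificate in the pasted text."""
    if "PRIVATE KEY" in text:
        raise ValueError("text contains a private key; paste only the certificate")
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected one certificate block, found {len(blocks)}")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("certificate body is not valid Base64") from exc
    # The certificate is one DER SEQUENCE whose declared length must cover the
    # whole blob; a mismatch means a truncated or padded copy and paste.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER-encoded certificate")
    n = der[1] & 0x7F if der[1] & 0x80 else 0
    if der[1] & 0x80 and (n == 0 or len(der) < 2 + n):
        raise ValueError("malformed DER length")
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + length != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return der


def thumbprint(text):
    """SHA-1 over the DER bytes, as uppercase hex."""
    return hashlib.sha1(certificate_der(text)).hexdigest().upper()


def matches_portal(text, portal_thumbprint):
    """Compare against a thumbprint copied from the portal, ignoring separators."""
    shown = re.sub(r"[^0-9A-Fa-f]", "", portal_thumbprint).upper()
    return thumbprint(text) == shown


if __name__ == "__main__":
    print(thumbprint(SAMPLE_PEM))
```

Call matches_portal with the contents of the downloaded file and the Thumbprint value copied from Azure; a False result or a ValueError means the text should not be pasted into SaaS Management as is.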