1. Home
  2. Managing Team Members
  3. Setting up SAML based SSO with Azure AD

Setting up SAML based SSO with Azure AD

There are 5 steps for enabling SSO with Azure Active Directory

  1. Create the Azure AD Enterprise application
  2. Enable SSO for your new Azure AD Enterprise application
  3. Assign users to your new Azure AD Enterprise application
  4. Provide the IDP details in the Manifestly form
  5. Test the SSO for your account and then activate


1) Create a new enterprise app on your Azure Active Directory

  1. Go to the Azure Active Directory Admin Center (https://aad.portal.azure.com/) and sign in using one of the roles listed in the prerequisites.
  2. In the left menu, select Enterprise applications. The All applications pane opens and displays a list of the applications in your Azure AD tenant.
  3. Press “New application” , a new panel, “Browse Azure AD gallery” opens,
  4. Press “Create your own application”, a new panel opens,
  5. Enter the name of your app as “Manifestly”, select “Integrate any other application you don’t find in the gallery” from the list of options and press “Create”
  6. Your application is created and you’ll be able to find it in the Enterprise applications page for the next steps

2) Enable SSO for your Enterprise Application

  1. Find and open your application page in the “Enterprise applications” panel.
  2. Find and open “Single sign-on” page from the left menu.
  3. Select SAML as the single sign-on method, a new page to set up SAML options opens, follow the instructions below about each step of the configuration :

(Step 1) Basic SAML Configuration

  1. Press “Edit” button next to “Basic SAML Configuration”, a new page opens,
  2. Add “https://app.manifest.ly/users/saml/metadata” as your “Entity ID”. Make it the default one.
  3. Add “https://app.manifest.ly/users/saml/auth” as the “Reply URL”
  4. Leave the “Sign on URL” field empty
  5. Leave the “Relay State” field empty
  6. Leave “Logout Url” field empty
  7. Press “Save” to save your settings.

(Step 2) Attributes & Claims

  1. Press “Edit” button next to “Attributes & Claims” title
  2. Keep the required claim as is
  3. Remove all “Additional claims” and create 3 new claims by pressing “Add new claim” button and entering details as below. ( statements: [name (Source) – value] ). You can leave “Namespace” field empty.
  1. first_name (Attribute) – user.givenname
  2. last_name (Attribute) – user.surname
  3. email (Attribute) – user.mail

Press “Save” to finish setting up claims

(Step 3) SAML Signing Certificate

  1. Click on “Download” link next to “Certificate (Base64)” to download your certificate. You’ll need this file later.

(Step 4) Set up your app

  1. Copy “Azure AD Identifier” value, you’ll need this later.
  2. Finally, visit the “Properties” page of your Enterprise App to copy the “User Access Url” value, you’ll need this value later as well.
  3. On the properties page you can also add an icon to your SSO to indicate it is for Manifestly. We recommend using our Checkmark Logo.

3) Assign users to your new Azure AD Enterprise application

Visit your new apps “Users and groups” page to assign users or groups that are allowed to access this application.

4) Configure SSO Settings on the Manifestly App

  1. In manifestly app, go to “Settings” -> “SSO” -> “Set up SAML Sign On” page
  2. Enter your desired custom sign in page url, your users will use this url to sign in with SSO.
  3. Open the Base64 certificate file you downloaded from azure portal, with a text editor, copy and paste the contents into SAML Cert field.
  4. Copy and paste the “Azure AD Identifier” that you have taken from the previous steps into the “SAML Entity” field.
  5. Copy and paste the “User access URL” that you can find on the SSO admin page into the “SAML URL” field. The URL should start with https://launcher.myapps.microsoft.com/api/signin
  6. Save your settings without setting to active
  7. Navigate to the URL you set in step 2 above and test that you can sign in with SAML SSO
  8. Once the test works, set your SSO setting to active

At this point, all users will be required to use the SSO you have set up through your IdP.

Updated on March 28, 2024

Was this article helpful?

Related Articles