Microsoft Entra ID (Azure AD) SSO Setup

This guide walks you through configuring Microsoft Entra ID (formerly Azure Active Directory) as your identity provider for Zenovay Single Sign-On.

SSO requires a Scale or Enterprise plan and Owner or Admin permissions in Zenovay, plus admin access to the Microsoft Entra admin center.

SAML 2.0 Setup with Microsoft Entra ID

Step 1: Create an Enterprise Application

  1. Sign in to the Microsoft Entra admin center
  2. Go to Identity > Applications > Enterprise applications
  3. Click New application
  4. Click Create your own application
  5. Enter a name (e.g., "Zenovay") and select Integrate any other application you don't find in the gallery (Non-gallery)
  6. Click Create

Step 2: Configure SAML

  1. In your new application, go to Single sign-on in the left menu
  2. Select SAML as the single sign-on method
  3. In the Basic SAML Configuration section, click Edit and enter:

| Entra ID Field | Value |
| --- | --- |
| Identifier (Entity ID) | https://auth.zenovay.com |
| Reply URL (Assertion Consumer Service URL) | https://auth.zenovay.com/api/sso/saml/callback |

  4. Click Save

Step 3: Configure Attributes & Claims

  1. In the Attributes & Claims section, click Edit
  2. Verify the NameID claim is set to:
    • Source: Attribute
    • Source attribute: user.userprincipalname or user.mail
    • Name identifier format: Email address

The default attribute mappings are usually sufficient. Optionally add:

| Claim Name | Source Attribute |
| --- | --- |
| firstName | user.givenname |
| lastName | user.surname |

Step 4: Download Certificate and Get IdP Values

  1. In the SAML Certificates section:
    • Download the Certificate (Base64)
  2. In the Set up Zenovay section, copy:
    • Microsoft Entra Identifier — this is your IdP Entity ID
    • Login URL — this is your SSO URL

Step 5: Assign Users and Groups

  1. Go to Users and groups in the left menu
  2. Click Add user/group
  3. Select the users or groups who should have access to Zenovay
  4. Click Assign

Step 6: Configure Zenovay

  1. In Zenovay, go to Settings > Authentication > SSO
  2. Click Add SSO Provider
  3. Select SAML 2.0
  4. Enter:
    • Name: e.g., "Microsoft Entra ID"
    • Entity ID: the Microsoft Entra Identifier from Step 4
    • SSO URL: the Login URL from Step 4
    • Certificate: paste the contents of the downloaded Base64 certificate
  5. Click Save
  6. Add and verify your email domain

Step 7: Test

  1. Open an incognito window
  2. Go to auth.zenovay.com
  3. Enter an email from your verified domain
  4. You should be redirected to Microsoft login, sign in, and return to the Zenovay dashboard
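
If the test login does not end on the dashboard, the SAMLResponse that the browser posts to the callback can be compared against the values from Steps 2 to 4. The script below is an added example, not Zenovay or Microsoft code; the tenant ID, the user address and the `check_response` and `sample` helpers are constructed for illustration, and the script does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://auth.zenovay.com"                   # Step 2: Identifier (Entity ID)
ACS_URL = "https://auth.zenovay.com/api/sso/saml/callback"  # Step 2: Reply URL
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Constructed placeholder: replace with the Microsoft Entra Identifier from Step 4.
IDP_ENTITY_ID = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"

def check_response(b64_response, idp_entity_id=IDP_ENTITY_ID):
    """List mismatches between a captured, base64-encoded SAMLResponse and this
    guide's settings. No signature check: use only on your own test logins."""
    root = ET.fromstring(base64.b64decode(b64_response))
    def text(path):
        el = root.find(path, NS)
        return el.text.strip() if el is not None and el.text else None
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append(f"Destination is {root.get('Destination')!r}")
    if text("a:Assertion/a:Issuer") != idp_entity_id:
        problems.append("Issuer does not match the Entity ID entered in Zenovay")
    if text(".//a:AudienceRestriction/a:Audience") != SP_ENTITY_ID:
        problems.append("Audience does not match the Identifier (Entity ID)")
    name_id = root.find("a:Assertion/a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not Email address")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    return problems

def sample(destination=ACS_URL, audience=SP_ENTITY_ID, fmt=EMAIL_FORMAT):
    """Build a constructed sample response (not a real Entra ID capture)."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}" Destination="{destination}">
<saml:Assertion><saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
<saml:Subject><saml:NameID Format="{fmt}">alice@example.com</saml:NameID></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>
</saml:AudienceRestriction></saml:Conditions>
</saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode())

if __name__ == "__main__":
    print(check_response(sample()) or "response matches the guide's settings")
```

An empty list means the Destination, Issuer, Audience and NameID agree with the configuration; each string in a non-empty list names the setting to recheck in Entra ID or Zenovay.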

Troubleshooting

  • AADSTS50011 (Reply URL mismatch): Ensure the reply URL / redirect URI is exactly https://auth.zenovay.com/api/sso/saml/callback (SAML) or https://auth.zenovay.com/api/sso/oauth/callback (OIDC)
  • User not assigned: Users must be assigned to the enterprise application to sign in
  • Certificate expired: Download a new certificate from the SAML Certificates section and update it in Zenovay
  • Tenant type: For OIDC, ensure you selected "Single tenant" if SSO is only for your organization

For more help, see the SSO Troubleshooting Guide.
