Skip to main content

How to Configure SAML SSO for MS Entra ID (Azure AD)

Jorge Ferreira Filho
  • Updated

Who can use this feature?

Available on All Products
Available to Only Admins
Billing Center Get a Demo

In this article, we will walk through the required steps to integrate your MS Entra ID (Azure AD) with Chili Piper.

Table of Contents

Things to Know

  • You must be a Chili Piper admin to enable Single sign-on (SSO).
  • You must use the same email address for both Chili Piper and your IdP.

Chili Piper supports any enterprise identity provider (IdP) using the SAML 2.0 protocol.

How to Configure SAML SSO for MS Entra ID

In the Admin Center, access SAML Configuration by clicking Integrations in the left-side menu and clicking the Single Sign-On tab. Then click Connect on the Single Sign-On card.


Before you can begin Step 1 to configure SAML for MS Entra ID, please ensure the following:

  • If you have not already, you must create Chili Piper as a new Enterprise Application in MS Entra ID.
  • If your MS Entra ID application has restrictions for users, assign users or groups to the Chili Piper application you have created so they can use Chili Piper.

 

Step 1

In MS Entra ID (Azure AD), go to the Single sign-on settings of your newly created application.

 

Copy and Paste the fields from Chili Piper into Azure. These URLS cannot be edited in any way or they will not work.

 

Please note that each Reply URL (Assertion Consumer Service URL) field must be completed:

  • The one marked as Default must contain the /clients/common suffix nd
  • The other one must not contain the suffix

 

Setting Up Attributes & Claims in MS Entra ID

In Attributes & Claims, click edit. Make sure the following Claims are created:

Name Source Source Attribute
lastName Attribute user.surname

firstName

 Attribute user.givenname
email Attribute user.mail

 

Add a New Claim and use the table above to create each claim:

You MUST CLICK SAVE after creating claims

 

Once all Claims have been created, they will appear in section 2 of the SAML setup in MS Entra

 

Step 2

Copy the App Federation Metadata URL from MS Entra ID

 

Paste to Metadata URL field in Chili Piper in the Step 2 section of the IdP setup:

 

In Chili Piper, click Test Connection, and you will be directed to your IdP login screen. You must log into your IdP using the same credentials that you are logged into Chili Piper.

If the Connection is successful, you will be redirected back to Chili Piper to enforce SSO for all users.

If you want to enforce your users only logging in via your IdP, you can opt to do this now. This option will only be available if testing the connection in Step 2 is successful.

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.