Skip to main content

Entra ID (Azure) SAML Connection Overview

  • Updated

Setting up Microsoft Entra ID (Azure) SAML SSO with Spekit? This guide provides a general overview of how to create an Enterprise Application in Entra ID, configure SAML settings, and connect it to Spekit.

⚠️ Important: This guide provides a general overview of the SSO connection process and should not be used as a step-by-step configuration guide. To set up SSO with Spekit, go to the Connect page within your Spekit Web App and proceed through the in-app setup walkthrough.

 

📌 Quick-Jump Topics

 

Step 1: Create an Enterprise Application

How do I create a new Enterprise Application in Microsoft Entra ID?

  1. Log in to the Microsoft Entra ID (Azure) Admin Dashboard.
  2. Select Enterprise applications from the dashboard.

Select Enterprise Applications in the Azure dashboard

  1. Click New application.

Select New Application in the Azure dashboard

  1. Click Create your own application.
  2. Enter Spekit as the app name.
  3. Under What are you looking to do with your application?, select Integrate any other application you don't find in the gallery (Non-gallery).
  4. Click Create.

Enter new application name in the Azure dashboard

  1. In the left sidebar under the Manage section, click Single Sign-On.
  2. Select SAML as the sign-on method.

Select SAML as the sign-on method in the Azure dashboard

 

Step 2: Configure SAML Settings

How do I enter the Identifier and Reply URL for Spekit?

  1. On the Single Sign-On page, click the Edit icon in the top-right corner of the Basic SAML Configuration section.

Edit Basic SAML Configuration in the Azure dashboard

  1. Copy the Identifier value from your Spekit SSO walkthrough and paste it into the Identifier field.
  2. Copy the Reply URL value from your Spekit SSO walkthrough and paste it into the Reply URL field.
  3. Click Save.

Input ACS URL and Entity ID in the Azure dashboard

 

Step 3: Configure Attributes and Claims

How do I map user attributes for the SAML assertion?

  1. Click the Edit icon in the top-right corner of the Attributes & Claims section.

Edit Attributes and Claims in the Azure dashboard

  1. For each attribute, enter the claim name in the Name field and the corresponding value in the Source attribute field, as specified in your Spekit in-app walkthrough.
  2. Click Save after adding all required attributes.

Attributes and Claims configuration in the Azure dashboard

 

Step 4: Assign Users to the SAML App

How do I grant users or groups access to the Spekit SAML application?

  1. In the left sidebar under the Manage section, click Users and groups.

Select Users and Groups in the Azure dashboard

  1. Click Add user/group from the top menu.

Add user/group in the Azure dashboard

  1. In the panel that appears, select the users and/or groups you want to grant access to the Spekit SAML application.
  2. Click Select to confirm your selections, then click Assign.

Select users and groups to assign in the Azure dashboard

 

Step 5: Upload IdP Metadata to Spekit

How do I complete the connection by uploading the Entra ID metadata to Spekit?

  1. Navigate back to the Single Sign-On page of your Spekit application.
  2. Scroll down to Section 3 - SAML Signing Certificate.
  3. Copy the App Federation Metadata URL.
  4. Paste this URL into the IdP Metadata URL field in your Spekit in-app SSO walkthrough.

App Federation Metadata URL in the Azure dashboard

ℹ️ What's next? After uploading the metadata URL, you can test the configuration in the next step of the in-app walkthrough. From there:

  • If you plan to use JIT (Just-in-Time) user provisioning, you are done but you must notify Spekit Support that you will be using this provisioning type.
  • If you plan to use SCIM provisioning, a separate SCIM walkthrough is available in Spekit for you to complete.

 

Related articles