Microsoft Entra ID
Access Type: Organization Settings - Editor
Premium Feature: SSO
Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or systems with one set of login credentials. In this article, we will cover how to configure SSO using the SAML 2.0 standard protocol with Microsoft Entra ID.
Resources
Please refer to the following Microsoft Entra ID documentation for additional information:
Retrieve SSO SAML identifiers
To start, your organization needs to retrieve the SSO SAML identifiers from the Didomi console to continue setup in your identity provider.
Click My organization and selecting Single Sign-on from the drop-down menu.
Use the provided fields in the Get your SSO SAML identifiers step to record the following:
Configured issuer
Your organization's identity provider's unique identifier within the Didomi console.
Login URL
Where user will be redirected after successful login on the identity provider.
Logout URL
Where user will be redirected after successful logout on the identity provider.
Click Continue when finished.
Create Didomi console application in Microsoft Entra ID
Before configuring SSO your organization will need to add a Didomi console application in your Microsoft Entra ID account.
Navigate to Entra ID > Enterprise apps > All applications.
Click New application.
From the creation page, select Create your own application.
Name your new application something recognizable as being for the Didomi console. This is where your organization will configure the SSO SAML.
Configure SSO for Didomi console application in Microsoft Entra ID
From the newly created application for the Didomi console in Microsoft Entra ID, select Single sign-on on the left-hand menu.
Click SAML to open the SSO configuration page and navigate to Basic SAML configuration section and select Edit.
Use the provided fields to input the SSO SAML identifiers retrieved from the Didomi console.
Identifier (Entity ID)
Configured issuer
Reply URL (Assertion Consumer Service URL)
Login URL
Sign on URL
Login URL
Logout URL (Optional)
Logout URL
Click Save when finished.
Retrieve Didomi console application metadata from Microsoft Entra ID
From the Didomi console application's SSO configuration page in Microsoft Entra ID, navigate to the Set up [Application Name] section and record the Login URL and Logout URL.
Next, navigate to the SAML Certificates section and download the Certificate (Base64). The certificate will be downloaded to your local machine. Open the file and record its contents.
Add Microsoft Entra ID metadata
With the metadata from Microsoft Entra ID copied, navigate back to the SSO configuration within the Didomi console and input those values in the provided fields for the Setup SSO settings step.
X509 certificate
The SAML Signing Certificate from your Microsoft Entra ID in CER base64 format.
Login URL
Login URL from Microsoft Entra ID.
Logout URL
Logout URL Microsoft Entra ID.
Note: Before continuing onward, ensure all users who should have access to the Didomi console have their email addresses added to their profile.
Test and complete SSO configuration
Didomi will verify the identity provider metadata. When successful, utilize the Domain(s) field to add email domains to which the SAML authentication will be restricted (i.e. only users whose emails have this domain will be allowed to login with SSO SAML).
For security, the domain added to the Domain(s) field must match the email domain of the user performing the configuration (e.g. didomi.io can only be added if the user adding it is signed into the Didomi console using an @didomi.io email address.
To add more than one domain, please contact the Didomi support team via chat or email at [email protected].
Click Save settings.
Manage user and group access to Didomi console application
From the Microsoft Entra ID application for the Didomi console, click Users and groups on the left-hand panel and use the subsequent page to manage which users in your organization has access to the Didomi console.
Last updated