Follow this step-by-step guide to configure SSO SAML in Microsoft Entra ID. Here’s an overview of the steps, which we’ll discuss in detail:
- Create an Airalo Application in Microsoft Entra ID
- Configure SAML in Microsoft Entra ID
- Set up Attributes & Claims in Microsoft Entra ID
- Connect Airalo to Microsoft Entra ID
Create an Airalo Application in Microsoft Entra ID:
- Go to the Microsoft Entra admin portal.
- Select "Create Your Own Application".
- Name the app (e.g., "Airalo SSO"), choose "Integrate any other application you don’t find in the gallery (Non-gallery)", and click "Create".
Enable SSO on Airalo Partner Platform:
- Log in to your Airalo Partner Platform account.
- Navigate to the SSO settings and enable SSO.
- Download the SAML metadata file provided by Airalo.
Configure SAML in Microsoft Entra:
- Open your newly created Airalo application in Entra.
- Go to "Single Sign-On" > "SAML".
- Click "Upload metadata file", select the file downloaded in step 2, and click "Add".
- The required URLs will be automatically populated. Click "Save".
- Skip the connection test at this step by selecting "No, I'll test later".
2. Configure Attributes & Claims in Microsoft Entra: It’s essential to map attributes and claims accurately to ensure user information transfers correctly. In this step, adjust the default attribute and claim settings to align with Airalo Partner Platform requirements.
- In the SAML configuration, click "Edit" in section 2.
- Set up the following attributes exactly as shown. Be sure to match the Name fields precisely, as they are case-sensitive.
Note that the namespace field should be left empty.
Name | Source attribute |
user.userprincipalname | |
first_name | user.givenname |
last_name | user.surname |
role | User roles are assigned in Partner Platform based on the value passed here. To learn more about supported roles and their permissions, please refer to this FAQ. If no source attribute is specified, the "Default role" configured in the Partner Platform's SSO settings will be applied. |
3. Connect Airalo to Microsoft Entra:
- In Entra, download the federation metadata XML file for your Airalo application.
- Open the XML file and copy the value of the x509 certificate (excluding the tags).
- In your Airalo Partner Platform, navigate to the SSO settings and paste the certificate value into the "x509 Certificate" field.
- In Entra, copy the "Login URL", "Entra ID", and "Logout URL" values from your Airalo application's SAML configuration.
- Paste these URLs into the corresponding fields in your Airalo Partner Platform's SSO settings.
- Click "Save Changes" to complete the SSO setup.
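As an added example (not Airalo's or Microsoft's code), this Python script reads the federation metadata XML from step 3, strips the line wraps from the signing certificate, and returns it with a SHA-256 fingerprint, plus the entity ID and sign-on/logout endpoints declared in the file, so the values pasted into the Partner Platform can be checked against it. The sample metadata, URLs and certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def read_idp_metadata(xml_text):
    """Pull the values the SSO settings form needs out of IdP metadata XML."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    certs = {}
    # Read only the IdP role's signing keys; metadata can hold other certificates.
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            value = "".join((node.text or "").split())    # drop wraps/indentation
            der = base64.b64decode(value, validate=True)  # rejects stray characters
            certs[value] = hashlib.sha256(der).hexdigest()
    if not certs:
        raise ValueError("no signing certificate found")
    def location(tag):
        node = idp.find(f"md:{tag}", NS)
        return None if node is None else node.get("Location")
    return {"entity_id": root.get("entityID"),
            "login_url": location("SingleSignOnService"),
            "logout_url": location("SingleLogoutService"),
            "signing_certs": certs}   # {certificate value: SHA-256 of DER bytes}

def pasted_cert_matches(pasted, info):
    """True if the text pasted into the form equals a metadata signing cert."""
    return "".join(pasted.split()) in info["signing_certs"]

# Constructed sample: placeholder URLs and certificate bytes (not a real cert).
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/tenant/">
 <IDPSSODescriptor>
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>
     {SAMPLE_CERT_B64[:24]}
     {SAMPLE_CERT_B64[24:]}
   </X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleLogoutService Location="https://idp.example.test/tenant/saml2"/>
  <SingleSignOnService Location="https://idp.example.test/tenant/saml2"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""
```

Run `read_idp_metadata` on the contents of the downloaded file; if more than one signing certificate is returned, the metadata lists several keys and the fingerprints tell them apart.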
4. Optional: Set Up a Default Role:
If Microsoft Entra ID does not provide role information for any user, we automatically assign the default role to that user in the Partner Platform (see step 3 for details). Setting a default role is optional.
5. Optional: Configure Security Options in Partner Platform
You have two optional security settings:
- Enforce SSO for All Users: This requires all employees to log in exclusively through SSO, disabling other login methods like username and password.
- Enforce Fresh Authentication: When enabled, users will need to reauthenticate via SSO each time they log in to the Partner Platform, even if they remain logged into their Microsoft account.
Once all steps are complete, your Microsoft Entra ID SSO setup should be ready. Test your setup by logging into the Airalo Partner Platform via SSO to confirm everything is working as expected.