Here are the steps to set up SSO for Azure Entra ID. The exact steps may be slightly different in your environment, but should broadly follow the steps outlined below.
In Kelloo:
- Select set up from the top menu.
- Select SSO ID providers from the integrations menu.
- Select Add ID provider.
- Enter a provider name and select save.
- This will populate the Kelloo entity ID, Kelloo SSO login and Kelloo SSO consumer values. These will be required when creating the application in your SSO provider.
- In Azure open Entra ID.
- In the directory select enterprise applications.
- Select new application.
- Select create your own application.
- Enter a name for the application and set "Integrate any other application..."
- Select save.
- Select the set up single sign on option.
- Select SAML.
- Edit the basic SAML configuration and add the identifier (entity ID), this is the Kelloo entity ID created earlier.
- Add a reply URL (assertion consumer service URL), this is the Kelloo SSO consumer created earlier.
- Select save.
- Edit the attributes & claims and set the unique user identifier to be user.mail.
- Download the Certificate (Base64) and open using a text editor.
- Select all the text in the file and paste it into the Kelloo x.509 certificate field in the Kelloo SSO provider you created earlier.
- Copy the login URL and paste it into the id provider login URL in the Kelloo SSO provider you created earlier.
- In Entra ID visit users and groups.
- Add a user / group to give them access to the Kelloo application.
- In Kelloo visit the users page and grant the same user (with the same email address as the user granted access via Entra ID) the ability to login using SSO with the Azure application.
You can now Logout of Kelloo and either test the login from within Azure or visit the login page in Kelloo and choose login with SSO and enter the email address.
You should now be prompted to login with your Microsoft Entra ID email address and once authenticated you will be redirected and logged in to Kelloo.