--- title: "Configuring Lucanet SAML Single Sign-On with Microsoft Entra ID/Azure" source_url: https://support.lucanet.cloud/en/documentation/administration/platform-management/configure-ext-authentication/entra-id-registration-saml language: en last_updated: 2023-08-16 --- # Configuring Lucanet SAML Single Sign-On with Microsoft Entra ID/Azure ## Overview If you use **Azure/Microsoft Entra ID** as your identity provider and choose the **SAML** method for **external authentication** of the Lucanet CFO Solution Platform, you must first register Lucanet as an enterprise application in the Azure Portal/Microsoft Entra ID Admin Center. After completing the registration and configuration in Azure Portal/Microsoft Entra ID, you can copy the authentication parameters from Azure/Microsoft Entra ID and paste them into the Lucanet CFO Solution Platform to complete the configuration of external authentication. {% stepper %} {% stepper-step %} Open the [Azure Portal](https://portal.azure.com/#home) or the Microsoft Entra Admin Center at [https://entra.microsoft.com](https://entra.microsoft.com/). {% /stepper-step %} {% stepper-step %} Navigate to **Enterprise applications**. Click **\+ New application.** 'Enterprise applications' Workspace in Microsoft Azure {% /stepper-step %} {% stepper-step %} On the displayed page **Browse Microsoft Entra Gallery**, click **Create your own application**. 'Create your own application' button {% /stepper-step %} {% stepper-step %} Enter a name for the application (e.g., _Lucanet CFO Platform Authentication SAML 2_) and choose **Integrate any other application you don't find in the gallery (Non-gallery)**. Creating your own application {% /stepper-step %} {% stepper-step %} Click **Create**. {% /stepper-step %} {% /stepper %} {% stepper %} {% stepper-step %} In the created enterprise application, navigate to **Manage | Properties**. 'Properties' section {% /stepper-step %} {% stepper-step %} Set the **Assignment required** toggle based on your requirements: Setting 'Assignment required' to 'no' {% /stepper-step %} {% stepper-step %} Click **Save**. {% /stepper-step %} {% /stepper %} {% stepper %} {% stepper-step %} Navigate to **Manage | Single sign-on**. 'Single sign-on' workspace in Azure Portal {% /stepper-step %} {% stepper-step %} Select **SAML** as the single sign-on method. Selecting 'SAML' as the single sign-on method The options for the **Basic SAML Configuration** are displayed as followed: Options for Basic SAML Configuration on the 'Set up Single Sign-On with SAML' page {% /stepper-step %} {% stepper-step %} Copy the **Entity ID** from the **External authentication** workspace in the **Lucanet CFO Solution Platform**. 'External authentication' workspace in Lucanet Copying the 'Entigy ID' from Lucanet CFO Solution Platform {% /stepper-step %} {% stepper-step %} In the **Basic SAML Configuration** area in the Azure Portal, click **Add identifier** under **Identifier (Entity ID)**. Button for adding Entity ID in the Azure Portal {% /stepper-step %} {% stepper-step %} Paste the **Entity ID** copied from Lucanet into the corresponding field. Entity ID added in Azure Portal {% /stepper-step %} {% stepper-step %} Copy the **Reply URL** from the **External authentication** workspace in the **Lucanet CFO Solution Platform**. 'External authentication' workspace in Lucanet Copying the 'Reply URL' from the Lucanet CFO Solution Platform {% /stepper-step %} {% stepper-step %} In the **Basic SAML Configuration** area in the Azure Portal, click **Add reply URL** under **Reply URL (Assertion Consumer Service URL)**. Button for adding reply URL in the Azure Portal {% /stepper-step %} {% stepper-step %} Paste the **Reply URL** copied from Lucanet into the corresponding field. Reply URL added in the Azure Portal {% /stepper-step %} {% stepper-step %} Click **Save**. {% /stepper-step %} {% /stepper %} ## Configuring Authentication Parameters for the Lucanet CFO Solution Platform After configuring the enterprise application and Single Sign-On in Azure/Microsoft Entra ID, you need to retrieve specific authentication parameters and add them to the Lucanet CFO Solution Platform to complete the external authentication setup. {% stepper %} {% stepper-step %} Get the **App Federation Metadata Url** from Azure Portal/Microsoft Entra ID: In the Enterprise application for Lucanet, navigate to **Manage | Single sign-on | Set up Single Sign-on with SAM** L. In the **SAML Certificates** area, copy the **App Federation Metadata Url**. Copying App Federation Metadata URL {% /stepper-step %} {% stepper-step %} Add the **App Federation Metadata Url** to the Lucanet CFO Solution Platform: In the Lucanet CFO Solution Platform, navigate to the **External authentication** workspace. 'External authentication' workspace in Lucanet Paste the **App Federation Metadata Url** into the **Metadata document URL** field. 'Metadata document URL' field in Lucanet {% /stepper-step %} {% stepper-step %} In the Lucanet CFO Solution Platform, navigate to the **External authentication** workspace. 'External authentication' workspace in Lucanet {% /stepper-step %} {% stepper-step %} Paste the **App Federation Metadata Url** into the **Metadata document URL** field. 'Metadata document URL' field in Lucanet {% /stepper-step %} {% stepper-step %} Get the **Attribute** value from Azure Portal/Entra ID Admin Center: In the Enterprise application for Lucanet, navigate to **Manage | Single sign-on | Set up Single Sign-on with SAML**. 'Single sign-on' workspace in Azure Portal In the **Attributes & Claims** area, click **Edit**. The **Attributes & Claims** page will be displayed as follows, for example: 'Attributes & Claims' page in the Azure Portal In the **Additional claims** area, click the row with the value **user.mail**. The **Manage claim** page will be displayed as follows, for example: 'Manage claim' page with the claim 'Name' and the 'Namespace' Copy the **Namespace** field value and the **Name** field value. Combine them to create the **Attribute** value using the following structure: **Namespace/Name** Example in the screenshot above: - **Namespace**: http://schemas.xmlsoap.org/ws/2005/05/identity/claims - **Name**: emailaddress - **Attribute**: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress {% /stepper-step %} {% stepper-step %} In the Enterprise application for Lucanet, navigate to **Manage | Single sign-on | Set up Single Sign-on with SAML**. 'Single sign-on' workspace in Azure Portal {% /stepper-step %} {% stepper-step %} In the **Attributes & Claims** area, click **Edit**. The **Attributes & Claims** page will be displayed as follows, for example: 'Attributes & Claims' page in the Azure Portal {% /stepper-step %} {% stepper-step %} In the **Additional claims** area, click the row with the value **user.mail**. The **Manage claim** page will be displayed as follows, for example: 'Manage claim' page with the claim 'Name' and the 'Namespace' {% /stepper-step %} {% stepper-step %} Copy the **Namespace** field value and the **Name** field value. Combine them to create the **Attribute** value using the following structure: **Namespace/Name** Example in the screenshot above: - **Namespace**: http://schemas.xmlsoap.org/ws/2005/05/identity/claims - **Name**: emailaddress - **Attribute**: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress {% /stepper-step %} {% stepper-step %} Add the **Attribute** value to the Lucanet CFO Solution Platform: In the Lucanet CFO Solution Platform, navigate to the **External authentication** workspace. 'External authentication' workspace in Lucanet Paste the **Attribute** value into the **Attribute** field. 'Attribute' field in Lucanet {% /stepper-step %} {% stepper-step %} In the Lucanet CFO Solution Platform, navigate to the **External authentication** workspace. 'External authentication' workspace in Lucanet {% /stepper-step %} {% stepper-step %} Paste the **Attribute** value into the **Attribute** field. 'Attribute' field in Lucanet {% /stepper-step %} {% /stepper %} {% warning-box %} **Attention**: The e-mail address of a user on the **Lucanet CFO Solution Platform** must be identical to the e-mail address in **Azure/MS Entra ID**. The upper and lower case of e-mail addresses must match exactly. {% /warning-box %} You can find additional information on how to use the parameters when configuring the external authentication for the Lucanet CFO Solution Platform with the SAML method in the section [Configuring SAML](https://support.lucanet.cloud/en/documentation/administration/platform-management/configure-ext-authentication.md#saml) in **Configuring External Authentication**.