Skip to main content

Overview

Single Sign-On (SSO) allows your organization to authenticate users through your existing Microsoft Entra ID (formerly Azure Active Directory) identity provider, providing a seamless login experience while maintaining security standards.
SSO configuration is an organizational-level setting that affects all users within your domain. This setup requires coordination between your IT team and Adclear support.

Prerequisites

Before beginning the SSO setup process, ensure you have:
  • Administrative access to the Microsoft Azure portal
  • The ability to create and configure enterprise applications
  • Your organization’s email domain(s) that will use SSO
  • User assignment permissions for the enterprise application

Setup Process

Create a New Enterprise Application

  1. Navigate to the Microsoft Azure portal and sign in
  2. Under the Azure Services section, find and select Enterprise applications
    • You may need to visit the All services page and scroll to the Identity section
  3. Select New application
  4. On the Browse Microsoft Entra Gallery page, select Create your own application
  5. In the modal that opens:
    • Name: Enter “Adclear” (or your preferred application name)
    • Select Integrate any other application you don’t find in the gallery (Non-gallery)
    • Select Create

Assign Users or Groups

  1. In the Getting Started section, select Assign users and groups
  2. Select Add user/group
  3. Select the None Selected link
  4. Choose users or groups by:
    • Using the search field to find specific users/groups
    • Selecting checkboxes next to users/groups in the table
  5. Select Select at the bottom of the page
  6. Select Assign to complete the assignment
For more details on assigning groups or advanced configurations, refer to Microsoft’s documentation.

Configure Basic SAML Settings

The following URLs and identifiers will be provided by Adclear support. Please contact our team to generate these values for your organization before proceeding.
  1. In the navigation sidebar, open the Manage dropdown and select Single sign-on
  2. In the Select a single sign-on method section, select SAML
  3. Find the Basic SAML Configuration section and select Edit
  4. Add the following values (provided by Adclear):
    • Identifier (Entity ID): [Provided by Adclear]
    • Reply URL (Assertion Consumer Service URL): [Provided by Adclear]
  5. Select Save at the top of the panel and close it

Configure Attributes and Claims

These are typically configured by default in Microsoft Entra ID, but it’s important to verify them to avoid authentication issues.
  1. On the Set up Single Sign-On with SAML page, find the Attributes & Claims section and select Edit
  2. Confirm that the following attributes and values are present:
Required attribute:
Claim NameValue
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressuser.mail
Optional attributes:
Claim NameValue
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givennameuser.givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surnameuser.surname
  1. If your organization uses custom attribute names, update the Value column accordingly

Retrieve Federation Metadata URL

  1. On the Set up Single Sign-On with SAML page, find the SAML Certificates section
  2. Copy the App Federation Metadata URL
  3. Send this URL to Adclear support - this is the key piece of information needed to complete the integration

What We Need From You

To complete the SSO setup, please provide Adclear support with:
  1. The App Federation Metadata URL from the setup process
  2. The email domain(s) this SSO applies to (e.g., @company.com) - please specify if subdomains should be supported (e.g., @team.company.com)

Next Steps

Once you’ve provided the required information:
  1. Our team will configure the SSO integration on our end
  2. We’ll test the connection to ensure everything works correctly
  3. You’ll receive confirmation when the setup is complete
  4. Users can then log in using their Microsoft credentials
If existing users have email addresses matching the SSO domain, they will be required to authenticate through Microsoft Entra ID once SSO is enabled. We recommend testing during off-peak hours if this applies to your organization.

Troubleshooting

If you encounter issues during setup:
  • Users can’t sign in: Verify that users are assigned to the enterprise application
  • Attribute errors: Double-check the attribute mappings, especially the email address claim
  • Configuration errors: Ensure the Identifier and Reply URL from Adclear were entered correctly
For additional assistance, please contact Adclear support with details about the error you’re experiencing.