
Configuring SAML SSO with Microsoft Entra

Organizations using Microsoft Entra ID as their identity provider can configure a single sign-on (SSO) connection with Blumira as the service provider using the SAML protocol.

To start using Microsoft Entra SSO with Blumira, complete the following steps:

  1. Log in to Microsoft Entra as a user with one of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
  2. Navigate to Identity > Applications > Enterprise Applications.
  3. Click + New Application.
  4. Click + Create your own application.
  5. In the “Create your own application” window, do the following:
    1. Under “What’s the name of your app?” type a name.
      Example: Blumira-SAML-SSO
    2. Under “What are you looking to do with your application?” select Integrate any other application you don't find in the gallery (Non-gallery).
    3. Click Create.
  6. In the left-hand menu, click Single sign-on.
  7. Under “Select a single sign-on method,” click SAML.


  8. In the Basic SAML Configuration section, click Edit.

  9. In the Basic SAML Configuration window, do the following:
    1. Click Add identifier, then type a name for the SAML configuration.
      Example: blumira-saml-sso
    2. Click Add reply URL, then type https://auth.blumira.com.
    3. Click Save at the top and then close the configuration window.
  10. When prompted to test the connection, click No, I’ll test later.
  11. In the “SAML Certificates” section, download the Certificate (Base64) file.
  12. In the “Set up Blumira-SAML-SSO” section, locate the Login URL and Logout URL, which you will use in the next step when configuring Blumira.

    Note: Login and Logout URLs may be the same values in Entra.
  13. In another browser window, log in to Blumira and do the following:
    1. Navigate to Settings > Single Sign-on.
    2. Enable SSO by clicking the slider in the upper left corner.
    3. In the “Domain” box, type your Microsoft 365 email domain.
    4. In the “Signing Certificate” box, paste the contents of the Entra “Certificate (Base64)” file you downloaded in Step 11.
    5. In the “Sign-in Endpoint” box, paste the Entra Login URL.
    6. In the “Sign-out Endpoint” box, paste the Entra Logout URL.
    7. Click Save.
    8. Download the Metadata XML file, which you will upload to Entra.
  14. In Entra, click Upload metadata file at the top of your SAML app page.
  15. Find and select the metadata XML file you downloaded from Blumira.
  16. Click Add.
  17. At the top of the “Basic SAML Configuration” window, click Save and then close the window.
  18. In the left-hand menu, click Users and Groups.
  19. Click + Add user/group.
  20. In the “Add Assignment” window, click None Selected.
  21. Click the check box next to the users and groups you want to allow to use SAML SSO in Blumira.
  22. Click Select.
  23. Click Assign.

Users can now log in to Blumira using SAML SSO; however, they must create a new MFA token when they first attempt SSO.
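The metadata XML file downloaded in step 13 can be checked offline before it is uploaded to Entra in step 14. The following Python sketch is an added example, not Blumira or Microsoft code. It assumes the assertion consumer service URL in the metadata is on the same host as the reply URL from step 9 (auth.blumira.com); the function name `check_sp_metadata` and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace

def check_sp_metadata(xml_text, expected_host="auth.blumira.com"):
    """Return a list of problems found in a service provider metadata file."""
    # Metadata needs no DTD; rejecting one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return [f"unexpected root element {root.tag}"]
    problems = []
    if not root.get("entityID"):
        problems.append("EntityDescriptor has no entityID")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        return problems + ["no SPSSODescriptor: this is not SP metadata"]
    acs = sp.findall(f"{{{MD}}}AssertionConsumerService")
    if not acs:
        problems.append("no AssertionConsumerService endpoint")
    for ep in acs:
        # Assertions are posted to this URL, so it must be HTTPS on the expected host.
        url = urlsplit(ep.get("Location", ""))
        if url.scheme != "https":
            problems.append(f"ACS is not HTTPS: {ep.get('Location')}")
        if url.hostname != expected_host:
            problems.append(f"ACS host {url.hostname!r} is not {expected_host!r}")
    return problems

# Constructed sample inputs (not real Blumira metadata; the path is a placeholder).
GOOD = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="blumira-saml-sso">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://auth.blumira.com/example/callback"/>
  </SPSSODescriptor>
</EntityDescriptor>"""
# Same document with a plain-HTTP endpoint on a different host.
BAD = GOOD.replace("https://auth.blumira.com/", "http://auth.blumira.com.example.net/")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_sp_metadata(doc) or "ok")
```

To check a real file, read it as text and pass the contents to `check_sp_metadata`; an empty list means none of these checks failed.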
