Organizations using Microsoft Entra ID as their identity provider can configure a single sign-on (SSO) connection with Blumira as the service provider using the SAML protocol.
To start using Microsoft Entra SSO with Blumira, complete the following steps:
- Log in to Microsoft Entra as a user with one of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
- Navigate to Identity > Applications > Enterprise Applications.
- Click + New Application.
- Click + Create your own application.
- In the “Create your own application” window, do the following:
  - Under “What’s the name of your app?” type a name.
    Example: Blumira-SAML-SSO
  - Under “What are you looking to do with your application?” select Integrate any other application you don't find in the gallery (Non-gallery).
  - Click Create.
- In the left-hand menu, click Single sign-on.
- Under “Select a single sign-on method,” click SAML.
- In the Basic SAML Configuration section, click Edit.
- In the Basic SAML Configuration window, do the following:
  - Click Add identifier, then type a name for the SAML configuration.
    Example: blumira-saml-sso
  - Click Add reply URL, then type https://auth.blumira.com.
  - Click Save at the top and then close the configuration window.
- When prompted to test the connection, click No, I’ll test later.
- In the “SAML Certificates” section, download the Certificate (Base64) file.
- In the “Set up Blumira-SAML-SSO” section, locate the Login URL and Logout URL, which you will use in the next step when configuring Blumira.
  Note: Login and Logout URLs may be the same values in Entra.
- In another browser window, log in to Blumira and do the following:
  - Navigate to Settings > Single Sign-on.
  - Enable SSO by clicking the slider in the upper left corner.
  - In the “Domain” box, type your Microsoft 365 email domain.
  - In the “Signing Certificate” box, paste the contents of the Entra “Certificate (Base64)” file you downloaded in Step 11.
  - In the “Sign-in Endpoint” box, paste the Entra Login URL.
  - In the “Sign-out Endpoint” box, paste the Entra Logout URL.
  - Click Save.
  - Download the Metadata XML file, which you will upload to Entra.
- In Entra, click Upload metadata file at the top of your SAML app page.
- Find and select the metadata XML file you downloaded from Blumira.
- Click Add.
- At the top of the “Basic SAML Configuration” window, click Save and then close the window.
- In the left-hand menu, click Users and Groups.
- Click + Add user/group.
- In the “Add Assignment” window, click None Selected.
- Click the check box next to the users and groups you want to allow to use SAML SSO in Blumira.
- Click Select.
- Click Assign.
Users can now log in to Blumira using SAML SSO; however, they must create a new MFA token when they first attempt SSO.
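Before uploading the metadata XML to Entra, you can confirm that the assertion consumer URLs it declares point where you expect. The following is an added example, not Blumira's or Microsoft's code: `check_sp_metadata` is a hypothetical helper, the sample metadata (including its entityID and ACS path) is constructed, and the expected host is assumed from the reply URL used in the steps above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Assumption: host of the reply URL typed in Basic SAML Configuration.
EXPECTED_HOST = "auth.blumira.com"

# Constructed sample; the entityID and ACS path are placeholders,
# not values taken from a real Blumira metadata file.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="blumira-saml-sso">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://auth.blumira.com/placeholder/callback"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def check_sp_metadata(xml_text, expected_host=EXPECTED_HOST):
    """Return (entity_id, acs_urls, problems) for a SAML SP metadata document."""
    # Metadata has no need for DTDs or entities; refuse them before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return None, [], ["metadata contains a DTD or entity declaration"]
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return None, [], ["root element is not md:EntityDescriptor"]
    problems = []
    entity_id = root.get("entityID")
    if not entity_id:
        problems.append("missing entityID")
    acs_urls = []
    for acs in root.iter(MD + "AssertionConsumerService"):
        loc = acs.get("Location", "")
        acs_urls.append(loc)
        url = urlsplit(loc)
        # The IdP posts signed assertions here, so it must be HTTPS on the expected host.
        if url.scheme != "https":
            problems.append(f"ACS is not HTTPS: {loc}")
        if url.hostname != expected_host:
            problems.append(f"ACS host is not {expected_host}: {loc}")
    if not acs_urls:
        problems.append("no AssertionConsumerService element")
    return entity_id, acs_urls, problems


if __name__ == "__main__":
    entity_id, urls, problems = check_sp_metadata(SAMPLE_METADATA)
    print("entityID:", entity_id)
    print("ACS URLs:", urls)
    print("problems:", problems or "none")
```

To check your own file, read its contents into a string and pass that to `check_sp_metadata` in place of the sample.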
Reference:
- For additional Blumira SSO options, see Configuring SSO for your organization.
- For details about Microsoft's SAML SSO, see Enable single sign-on for an enterprise application or How the Microsoft identity platform uses the SAML protocol.