
SAML SSO Microsoft Entra

This documentation describes the configuration steps to follow for Microsoft Entra.

Create application

1. Go to the Entra admin center: https://entra.microsoft.com/#home and click "New application"


2. Now select "Create your own application"


3. Give your application a name, select the non-gallery application option, and hit "CREATE"


Configure the Entra application

Now we are going to configure the new application's Single sign-on.

1. Select Single sign-on and click SAML


2. Now click edit on the "Basic SAML configuration" block


3. Look up the values shown in red text inside the Brainframe workspace settings (Authentication) and fill them in accordingly, while leaving the other options empty. Click SAVE


4. Now click edit on the "Attributes & claims" block


5. Delete all existing claims from "additional claims" (not the required claim) by clicking the 3 dots and hitting delete

6. Now add your individual claims by clicking "Add new claim"

7. Now add the 3 required claims "firstname", "lastname" and "WorkspaceId" (attention, this is case sensitive!)



ATTENTION: the claim names are case sensitive, so it must be "WorkspaceId".


The end result will look similar to this:


Brainframe configuration

Now that Microsoft Entra is properly configured, we are going to configure this application inside the Brainframe workspace settings (Authentication).


1. Copy the "Login URL" from Microsoft Entra and paste it into the "IdP Single sign on (SSO) Login URL" field in Brainframe


2. Download the Entra SAML certificate in Base64, copy the text without the BEGIN/END Certificate lines, and paste it into the "IdP application certificate" field in Brainframe


Test the integration

1. Now make sure to add users to your application before you test


2. Test your application


3. Your app is now available to the assigned users



Common errors:

  • Failed to read asymmetric key: you should update the "IdP application certificate" in the Brainframe settings with the IdP Base64 certificate (without the BEGIN/END Certificate lines)
  • All attributes are case sensitive (e.g. make sure to use WorkspaceId as the parameter and not Workspaceid)
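
The certificate step under "Brainframe configuration" and the "Failed to read asymmetric key" error both come down to what ends up in the "IdP application certificate" field. The following is an added example, not part of the Brainframe or Microsoft documentation: it strips the BEGIN/END lines from a downloaded Base64 certificate, refuses anything that is not clean Base64 wrapping a single DER structure (such as a truncated paste or a non-certificate PEM block), and returns the one-line value to paste. The function names and the sample input are assumptions made for illustration; the sample is constructed and is not a real certificate.

```python
import base64
import binascii
import hashlib
import re

MARKER = re.compile(r"^-----(BEGIN|END) CERTIFICATE-----$")

def check_der_sequence(der: bytes) -> None:
    """Structural check only: one DER SEQUENCE spanning the whole blob."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if not 1 <= n <= 4 or len(der) < 2 + n:
            raise ValueError("malformed DER length")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length mismatch (truncated or trailing data)")

def pem_to_field_value(pem_text: str) -> str:
    """Return the certificate body as one Base64 line, without BEGIN/END lines."""
    lines = (ln.strip() for ln in pem_text.lstrip("\ufeff").splitlines())
    body = "".join(ln for ln in lines if ln and not MARKER.match(ln))
    if not body:
        raise ValueError("no Base64 data found")
    try:
        der = base64.b64decode(body, validate=True)  # rejects '-', spaces, etc.
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {exc}") from exc
    check_der_sequence(der)
    return body

def sha256_fingerprint(field_value: str) -> str:
    """Hex SHA-256 of the DER bytes, to compare with an independently obtained one."""
    return hashlib.sha256(base64.b64decode(field_value)).hexdigest()

def constructed_pem() -> str:
    """Constructed stand-in (not a real certificate): a 260-byte DER SEQUENCE."""
    b64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(range(256))).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\r\n" + "\r\n".join(rows)
            + "\r\n-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    value = pem_to_field_value(constructed_pem())
    print(value)
    print("sha256:", sha256_fingerprint(value))
```

The check is structural only and does not parse the X.509 fields, so it catches malformed or truncated pastes but does not confirm that the certificate is the one currently active in Entra.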