Configuring SAML with Microsoft Entra ID

Step 1: Create a New Entra ID SAML Application

  1. Log in to Azure Portal as an administrator.
  2. Click on Microsoft Entra ID in the control panel, or use the search bar at the top.
  3. In the left-hand menu, select Enterprise applications.
  4. Click on New application and choose Create your own application.
  5. Enter a name for your application and select Integrate any other application you don’t find in the gallery (Non-gallery). Microsoft Entra ID Create New Application
  6. Click Create and wait for the application creation process to complete.
  7. Once the application is created, go to the application’s page and click on Set up single sign-on.

Microsoft Entra ID Set Up Single Sign-On

Step 2: Basic SAML Configuration

  1. Click on the edit icon in the top right corner of the Basic SAML Configuration block.
  2. Enter DocuSeal Information:
    • Identifier (Entity ID): Enter the Metadata URL from the DocuSeal SAML SSO page.
    • Reply URL (Assertion Consumer Service URL): Enter the Single Sign-On URL from the DocuSeal SAML SSO page.
  3. Click Save.

Microsoft Entra ID Basic SAML Configuration

Step 3: Attributes & Claims

  1. Click on Edit in the Attributes & Claims block.
  2. Select the Unique User Identifier (Name ID) field.
  3. For the Name identifier format, choose Email Address.
  4. For the Source attribute, select user.mail.
  5. Click Save.

Microsoft Entra ID Manage Name ID Format

Step 4: SAML Certificates

  1. Copy App Federation Metadata Url and paste it into the SSO Service URL field in the DocuSeal SAML SSO page.
  2. Click on Download next to Certificate (Base64) and save the file.
  3. Open the .cer file in a text editor and copy its contents.
  4. Paste the copied certificate content into the Certificate field in the DocuSeal SAML SSO page.

Microsoft Entra ID SAML Certificate

Step 5: Test single sign-on

  1. Click on Test at the bottom of the page.
  2. In the panel that opens on the right, click on Test sign in.
  3. If everything is working correctly, you will be redirected to the DocuSeal dashboard. If you encounter an error indicating that you don’t have access, complete step 6 and try again.

Microsoft Entra ID Test Single Sign-On

Step 6: Assign Users

  1. Click on Users and groups in the left-hand menu.
  2. Click on Add user/group and select the users who should have access to DocuSeal.
  3. Click Select then Assign.

Microsoft Entra ID Assing Users

Ensure that the email addresses of your users in DocuSeal match the assigned Microsoft user email addresses.
This is crucial for the SAML SSO to function correctly.