Microsoft Azure SAML Single Sign-On Set Up

If your team uses Azure, configure your workspace to require OneLogin sign-in for your team members.

Written by Alison Morris
Updated over a week ago

Create a new SAML application in Azure

Within Azure Active Directory, select "Enterprise applications", then click “+Create new application”.

Click "+ Create your own application", name the app (the name you choose for your intranet), select "Integrate any other application you don't find in the gallery (Non-gallery)", and then create the new enterprise application.

Configure SSO for your SAML application

Select “SAML” as the single sign-on method.

Edit the Basic SAML configuration

Identifier (Entity ID): https://[subdomain].haystack.so/api/saml/metadata

Reply URL (ACS URL): https://[subdomain].haystack.so/api/saml/acs

The screenshots below use the “staging” subdomain; remember to replace it with your Haystack subdomain.

After the SAML app is configured, the SSO configuration looks like the screenshot below.

Copy the Metadata URL (for IDP metadata) into Haystack User Login Options

We will do this step for you if you do not have an Admin in Haystack yet: just send us the “App Federation Metadata URL”, which you can find on the SAML app's SSO tab.

If you are a Haystack admin, go to Haystack “Admin Console” -> “User Provision and Login” and paste the issuer URL from the Azure SAML app (SSO tab). Remember to replace “staging” in the URLs below with your Haystack subdomain.

Assign users to the Haystack App

Find the created Haystack app in Azure AD “Enterprise applications”, select the "User and Groups" tab, and click "+ Add user/group".
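
As an added example (not Haystack's or Microsoft's code), the Python below checks the values from the steps above: that the Identifier and Reply URL entered in Azure match the templates for your subdomain (catching a leftover “staging”), and that the federation metadata XML names an HTTPS sign-on endpoint and a signing key. The function names and the sample metadata are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")  # one DNS label
# Constructed sample metadata (placeholder host and tenant, not real Azure output).
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}"
    entityID="https://idp.example.test/tenant-placeholder/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/tenant-placeholder/saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def sp_urls(subdomain):
    """Build the Identifier and Reply URL from the templates in this article."""
    if not LABEL.match(subdomain):
        raise ValueError(f"not a valid subdomain label: {subdomain!r}")
    base = f"https://{subdomain}.haystack.so/api/saml"
    return {"entity_id": f"{base}/metadata", "acs_url": f"{base}/acs"}

def check_sp_config(subdomain, entity_id, acs_url):
    """Compare the values typed into Basic SAML Configuration with the templates."""
    want = sp_urls(subdomain)
    got = {"entity_id": entity_id, "acs_url": acs_url}
    return [f"{k} should be {want[k]}, got {got[k]}" for k in want if got[k] != want[k]]

def check_idp_metadata(xml_text):
    """Return a list of problems in IdP federation metadata (empty list = OK)."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD/entity declarations are not expected in SAML metadata"]
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != f"{{{MD}}}EntityDescriptor" or not root.get("entityID"):
        problems.append("root is not an EntityDescriptor with an entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no IDPSSODescriptor element"]
    locations = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    if not locations:
        problems.append("no SingleSignOnService endpoint")
    problems += [f"SSO endpoint is not HTTPS: {u}" for u in locations if not u.startswith("https://")]
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    signing = [k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    if not signing:
        problems.append("no signing KeyDescriptor, so responses cannot be verified")
    return problems
```

To check your own tenant, save the XML served at the metadata URL from the SSO tab and pass its text to `check_idp_metadata`.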
