Integrated authentication with Microsoft Entra ID

Learn how to create and configure an application in Microsoft Entra ID for authentication via SAML.

Microsoft Entra ID is the former Azure Active Directory.

Creating the application

To create an application in Microsoft Entra ID, follow the steps below:

  1. Access Microsoft Entra ID.

  2. Click Enterprise Applications.

  3. Click New Application at the top of the menu.

  4. Search for the Azure AD SAML Toolkit plugin in the search bar. This application will be created with the SAML protocol authentication feature, which will be configured in the next steps.

  5. Name the application and click Create.

  6. Click Single sign-on in the menu on the left and select the SAML method.

  7. Configure the application settings as explained below.

Configuring the application

Step 1: Obtain the Federation Metadata XML

First, you must obtain the Federation Metadata XML from your application setup. This XML file contains the application's confidential information required to configure it within your realm on Digibee, enabling seamless integrated authentication.

To obtain the file, follow these steps:

  1. Scroll to the Basic SAML Configuration section.

    • The Download button for the Federation Metadata XML is disabled by default. In this section, you must provide mandatory fields to enable the download.

  2. Input temporary placeholder URLs.

    • Since the required information (Identifier, Reply URL, and Sign-on URL) is not provided by Digibee until after the Federation Metadata XML has been received, you must temporarily fill these fields with placeholder URLs, for example, https://placeholder.com.

  3. Enter values for all three fields.

    • Once you enter temporary placeholders for the Identifier, Reply URL, and Sign-on URL fields, the Download button for the Federation Metadata XML will become active.

  4. Download the XML File.

    • Click Download to save the Federation Metadata XML file.

Step 2: Finalize the application configuration in Microsoft Entra ID

  1. Send the XML file to Digibee via Support. After that, you will receive the Identifier (also called Issuer), Reply URL (also called Callback URL), Sign-on URL, and Metadata URL information.

  2. Digibee will provide a Metadata URL containing XML content. Save the XML content to a file with an .xml extension.

  3. Go back to the Basic SAML Configuration section and replace the placeholder URLs with the official ones provided by Digibee.

  4. Upload the Metadata URL file in XML format as instructed in the Metadata URL section.

  5. Ensure that all users who will log in to the application are created in Microsoft Entra ID.

  6. Review all settings to ensure accuracy.

  7. Save the changes.

  8. Click Test this application to verify that it works correctly.

Optional step: Configure group integration

To integrate Digibee Platform groups with Active Directory groups, configure the Attributes & Claims section. If you have already set up the To/From groups on the Platform, group integration is optional.

  1. Click Add a Group Claim. This means that Active Directory will send the groups to which the user belongs to Digibee during the authentication process.

  2. If All Groups is selected, then all Group IDs for the user, including those from other applications, will be sent to Digibee.

Note that if the user belongs to many groups, Active Directory may compress the list and send a link instead of the full list. This can prevent automatic group associations.

  3. For a more precise integration, use the Groups Assigned to the Application option to limit the Group IDs sent to Digibee. The users who will log in must be created in the application.

Problem solving

Errors related to incorrect information entry

Active Directory usually returns the error on its own pages for troubleshooting. In these cases, check whether the URLs provided by Digibee were entered correctly, remembering that the URLs must always be entered with HTTPS in Azure. Also verify that the Metadata XML file was uploaded correctly, as explained above.

The authentication was successful but without automatic group association

It is possible to check the SAMLResponse that was sent to Digibee. The SAMLResponse is always encoded in Base64 and can be decoded using public tools. The list of Group IDs sent to Digibee is usually within the following tag:
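As an added troubleshooting aid (not part of this page or of Digibee's tooling), the script below decodes a Base64 SAMLResponse, lists the Group IDs found in the groups claim, and flags the case described earlier where the IdP sends a link instead of the full group list. It assumes the standard Entra ID claim names for groups and for the groups overage link; verify them against your own decoded response. The sample responses are constructed, not real tokens.

```python
import base64
import xml.etree.ElementTree as ET

# Standard Entra ID claim names (assumed here; check them against your own SAMLResponse).
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GROUPS_LINK_CLAIM = "http://schemas.microsoft.com/claims/groups.link"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def extract_groups(saml_response_b64):
    """Decode a Base64 SAMLResponse and return (group_ids, overage_link).

    group_ids lists the values of the groups claim (empty if the claim is absent);
    overage_link is the groups.link value when the IdP sent a link instead of
    the full list, else None.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    group_ids, overage_link = [], None
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        values = [v.text for v in attr.findall("{%s}AttributeValue" % SAML_NS) if v.text]
        if attr.get("Name") == GROUPS_CLAIM:
            group_ids.extend(values)
        elif attr.get("Name") == GROUPS_LINK_CLAIM and values:
            overage_link = values[0]
    return group_ids, overage_link


def _sample(claim_name, *values):
    """Build a constructed, Base64-encoded minimal SAMLResponse (not a real token)."""
    vals = "".join("<saml:AttributeValue>%s</saml:AttributeValue>" % v for v in values)
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="%s"><saml:Assertion><saml:AttributeStatement>'
           '<saml:Attribute Name="%s">%s</saml:Attribute>'
           '</saml:AttributeStatement></saml:Assertion></samlp:Response>') % (SAML_NS, claim_name, vals)
    return base64.b64encode(xml.encode()).decode()


# Constructed samples: one response with two group IDs, one overage response carrying a link.
SAMPLE_GROUPS = _sample(GROUPS_CLAIM, "11111111-2222-3333-4444-555555555555",
                        "66666666-7777-8888-9999-000000000000")
SAMPLE_OVERAGE = _sample(GROUPS_LINK_CLAIM, "https://graph.example/placeholder-link")

if __name__ == "__main__":
    for label, resp in (("groups", SAMPLE_GROUPS), ("overage", SAMPLE_OVERAGE)):
        groups, link = extract_groups(resp)
        print(label, "->", groups or "no group IDs", "| link:", link)
```

If the output shows a link and no group IDs, the user belongs to too many groups for the full list to be included, which is why the automatic association did not happen.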
