Introduction to Azure SSO and Provisioning

Overview

This guide provides step-by-step instructions for setting up Single Sign-On (SSO) and user provisioning using Microsoft Azure Active Directory (now called Microsoft Entra ID). The objective is to seamlessly integrate your application with Azure, ensuring a secure and efficient authentication process while also enabling automatic user provisioning.

By following this guide, you will:

  • Configure an Enterprise Application in Azure.
  • Set up SSO using SAML2.
  • Enable automatic user provisioning to sync users from Azure AD to your application.
  • Define and map app roles to manage permissions effectively.

Why Use Azure for SSO and Provisioning?

Microsoft Azure is a widely adopted cloud platform that provides robust identity and access management capabilities. By integrating your application with Azure, you benefit from:

  • Secure Authentication – Leverage Azure’s identity provider with multi-factor authentication (MFA) and compliance standards.
  • Seamless User Experience – Enable users to log in using their existing organizational credentials without additional account creation.
  • Automated Provisioning – Automatically create, update, or disable user accounts based on their Azure AD profiles.
  • Scalability – Manage access and authentication at scale across different enterprise applications.

Prerequisites

Before proceeding with the setup, ensure the following prerequisites are met:

  • Your portal is registered in the TMS and is active.
  • A valid domain alias exists on the designated environment.
  • Access to the Azure Portal (http://portal.azure.com) with the necessary administrative privileges.
  • Knowledge of SAML2 authentication (recommended, but not required).

What’s Covered in This Guide

This guide is divided into two major sections:

  1. Setting Up Single Sign-On (SSO) in Azure

    • Creating an Enterprise Application
    • Configuring SAML-based SSO
    • Sending required metadata to TMA for final integration
  2. Enabling User Provisioning in Azure

    • Setting up App Roles (optional, if you need custom roles)
    • Configuring Provisioning Settings in Azure
    • Mapping attributes and synchronizing users automatically

By the end of this guide, you will have a fully functional Azure-based authentication and provisioning setup for your application.