How to setup SSO with Azure AD (SAML)

Enable Azure AD SAML for Single Sign-On in Zeeg with our easy guide on setting up SSO using Microsoft Entra-ID for enhanced user access and security.

To configure Azure AD SAML for Single Sign-On (SSO) of your organization users to Zeeg with Microsoft Entra-ID, please follow the next steps.

Please note that you must first have an organization in Zeeg, and your role must be either owner or admin.

SSO and SCIM can be offered with an Enterprise account. Please contact us to learn more about it.

1. Enable SSO for your organization in Zeeg

From your Zeeg dashboard, select Your Organization.
Go to the SSO tab.
Click on Activate; Zeeg will then generate and show the required information for the SSO setup which will be used in the next steps.

2. Add Zeeg as an Enterprise Application in Azure AD

Open your Azure portal in a separate tab and browse to Enterprise Applications.
Click on + New application at the top.
Click on + Create your own application.
Enter a name for the application such "Zeeg", and select "Integrate any other application you don’t find in the gallery".
Click on Create.

3. Configure IdP

Select from the left sidebar.
Click on SAML.
At box 1 in Azure, Basic SAML Configuration , click on at the top right of the box and select Edit.
1. From your Zeeg SSO dashboard, copy Audience URL (Entity ID) and paste it in the Identifier (Entity ID) field in Azure.
2. From your Zeeg SSO dashboard, copy Reply URL (ACS) and paste it in the Reply URL (Assertion Consumer Service URL) field in Azure.
3. From your Zeeg SSO dashboard, copy Sign On URL and paste it in the Sign on URL field in Azure.
4. In Azure, enter https://app.zeeg.me/ for the Relay State field.
5. From your Zeeg SSO dashboard, copy Sign Out URL and paste it in the Logout Url field in Azure.
6. Select Save.
At box 2 in Azure, Attributes & Claims , click on at the top right of the box and select Edit.
1. Under Required claim click on Unique User Identifier (Name ID).
2. At Source attribute, search for user.mail and select.
3. Save.
4. Under Additional claims, delete all existing claims by clicking onand then Delete.
5. Add a claim for email:
  1. Select + Add new claim
  2. Under Name, enter email.
  3. At Source attribute, search for user.mail and select.
  4. Save.
6. Add a claim for firstName:
  - Select + Add new claim.
  - Under Name, enter firstName.
  - At Source attribute, search for user.givenname and select.
  - Save.
7. Add a claim for lastName:
  - Select + Add new claim.
  - Under Name, enter lastName.
  - At Source attribute, search for user.surname and select.
  - Save.
Azure has by now now generated a new SAML Signing Certificate. Refresh the page to view it at box 3.
At box 3 in Azure, SAML Certificates, download the Certificate (Base64).
1. Open the file in a text editor. (we will soon add the option to import a certificate to improve your experience)
2. Copy only the main content between the BEGIN and END lines.
3. Paste the content in the Signing Certificate field of the IdP section in your Zeeg SSO dashboard.
At box 4 in Azure, Set up Zeeg (or different name depending on what chose earlier):
1. Copy Login URL and paste it in the Sign On URL field of the IdP section in your Zeeg SSO dashboard.
2. Copy Microsoft Entra Identifier and paste it in the Issuer field of the IdP section in your Zeeg SSO dashboard.
3. Copy Logout URL and paste it in the Sign Out URL field of the IdP section in your Zeeg SSO dashboard.

4. Assign users to the Zeeg Enterprise Application in Azure

From Enterprise Applications in Azure, select the application you created for SSO with Zeeg.
Under Getting Starter, click on 1. Assign users and groups.
Click on + Add user/group.
Under Users, if ou haven't already assigned any users, you will see None selected; click on that.
In the opened box, search and select your users, and then click on Select; the box will close.
Click on Assign.

Last updated 3 months ago