Azure Entra SSO Configuration

This guide walks you through configuring SSO using Azure Microsoft Entra.

Configuring SSO in Azure using Entra

  1. Log in to your Microsoft Entra admin center

  2. Expand the Applications menu item and click on Enterprise Applications

  3. Click on New application

  4. Click Create your own application

  5. Name your application and select the option to Integrate any other application you don't find in the gallery (Non-gallery)

  6. Click the Create button

  7. Under Manage, click Single sign-on and then SAML

  8. Edit the Basic SAML Configuration

  9. In another browser tab, open the Retriever Portal and navigate to Azure Configuration

  10. Copy the value for Identifier (Entity ID)

  11. Return to Basic SAML Configuration in Entra admin and add the identifier under Identifier (Entity ID)

  12. Repeat steps 10 & 11 for the Reply URL

  13. Save the configuration in Entra

  14. You may need to reload the page after saving

  15. Scroll down to section 4 to access the Login URL, Microsoft Entra Identifier and Logout URL

  16. Copy and paste each value into the IDENTITY PROVIDER (IDP) section in the Retriever Portal

  17. In Entra, download the Federation Metadata XML and open it in your favorite text editor to access the value set for <X509Certificate>

  18. Copy the value (do not include the opening and closing <X509Certificate> tags)

  19. Paste the value into the last input box on the Retriever Azure Configuration screen

  20. In Entra, add users to the newly created application

  21. Click Users and Groups

  22. Click Add user/group

  23. Click None Selected

  24. Select your users and Assign

  25. Return to Single sign-on and click Test this application

  26. Once a successful test has been performed, you may return to the Azure Configuration section in Retriever to enforce Azure login if desired.

*Please note that the users must already exist in Retriever for this to function as expected.
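
Steps 17 to 19 can be scripted so the certificate value is not damaged by a stray line break or tag during copy and paste. The Python below is an added example, not part of the Retriever or Microsoft documentation: it pulls the signing <X509Certificate> value out of Federation Metadata XML with whitespace removed and computes fingerprints to compare against the certificate thumbprint shown in Entra. The sample metadata, its placeholder certificate bytes and the helper name `signing_certs` are assumptions made for this example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample shaped like Federation Metadata XML. The certificate is a
# placeholder byte string (not a real X.509 cert), wrapped across two lines.
FAKE_DER = b"constructed-sample-cert-bytes"
FAKE_B64 = base64.b64encode(FAKE_DER).decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.invalid/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>
          {FAKE_B64[:20]}
          {FAKE_B64[20:]}
        </X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def signing_certs(metadata_xml):
    """Return each distinct IdP signing certificate: paste-ready value + fingerprints."""
    root = ET.fromstring(metadata_xml)
    found = {}
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # ignore encryption-only keys
            continue
        for node in kd.findall(".//ds:X509Certificate", NS):
            value = "".join((node.text or "").split())  # strip line breaks and indent
            if not value:
                continue
            der = base64.b64decode(value, validate=True)  # raises on a mangled value
            found.setdefault(value, {"value": value,
                "sha1": hashlib.sha1(der).hexdigest().upper(),
                "sha256": hashlib.sha256(der).hexdigest().upper()})
    if not found:
        raise ValueError("no signing X509Certificate found under IDPSSODescriptor")
    return list(found.values())

if __name__ == "__main__":
    # More than one result means several signing certs; confirm the active one in Entra.
    for cert in signing_certs(SAMPLE_METADATA):
        print("SHA-1:", cert["sha1"], "\nvalue:", cert["value"])
```

To run it against the file downloaded in step 17, read that file's contents and pass them to `signing_certs` in place of `SAMPLE_METADATA`.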