Configure SAML with Microsoft Entra ID

This page explains how to integrate Microsoft Entra ID (Azure AD) as a SAML Identity Provider to authenticate your users on Reemo.

Important

This feature is available starting from the Enterprise plan.

Note

Depending on your deployment mode, SAML can be enabled at the instance level (Private Cloud / On-Prem) or at the organization level (Public Cloud).
Screenshots and labels may vary slightly depending on your interface version.

Configure SAML in Reemo

Case 1: Instance level (Private Cloud / On-Prem)
Configure SAML in the instance’s Admin Area, under the Connectors menu.
Configure SAML in the instance Admin Area

Access Connectors in the instance Admin Area.

Case 2: Organization level (Public Cloud)
From your Organization > Connectors, configure SAML for this organization.
Configure SAML at the organization level

Configure SAML in Organization > Connectors.

Create the SAML Connector in Reemo

  1. Create a new Connector of type SAML Connector.

  2. Fill in the basic fields:

  • Friendly Name: name displayed to your users (e.g., EntraID).

  • Issuer / App URI ID: reemo.

  • The other fields (Entry Point, Federation XML) will be completed after configuring Entra ID.

Creating a SAML connector in Reemo

Fill in the basic fields of the SAML connector.


../_static/images/guides/sso/samlentra_mapping.jpg

Configure Attributes.


SAML connector creation form

Create the connector

3) Validate to generate the connector’s Callback URL. You will need this in EntraID (Single sign-on URL).

Retrieving the connector Callback URL

Copy the Callback URL generated by the SAML connector.

Configure the SAML Application in Entra ID

  1. Log in to the EntraID portal: https://portal.azure.com

  2. Create a new application: Microsoft Entra ID > Manage > Enterprise applications > New application.

  3. Click Create your own application.

    • Give it a name (e.g., Reemo).

    • Choose Integrate any other application you don’t find in the gallery (Non-gallery).

    • Click Create.

  4. Open the application and go to Single sign-on > select SAML.

Select SAML as the Single Sign-On method

Choose SAML as the Single Sign-On method.

  1. In the Set up [app name] section:

  • Copy the Login URL and paste it into IdP Entry Point in Reemo.

Microsoft Entra ID Login URL

Copy the Login URL into the IdP Entry Point field.

  1. In the SAML Certificates section:

  • Copy the federationmetadata.xml URL from the App Federation Metadata URL.

../_static/images/guides/sso/samlazure_certificate.png

Copy the federationmetadata.xml URL.

  1. Paste it into the Federation XML URL field of the Reemo connector.

../_static/images/guides/sso/samlentra_xml.jpg

Fill the fields left to be filled previously

Configure Attributes (Attribute Statements)

Map the attributes so that Reemo receives the correct information from Entra ID:

  • Usernamename

  • Emailemailaddress

  • Full Namedisplayname

Configure the Identifier and Reply URL

To finish the configuration, Entra requires setting up the Identifier and Reply URL (Assertion Consumer Service URL):

  1. In the Basic SAML Configuration section, click Edit.

Edit the Basic SAML configuration

Click Edit to modify the Basic SAML configuration.

  1. Add an Identifier: use the value defined in Reemo (reemo).

  2. Add a Reply URL: use the Callback URL generated by the connector in Reemo.

Add an Identifier and Reply URL

Add an Identifier and a Reply URL with the values from Reemo.

  1. Click Save, then use the Test button to verify the configuration.

Note

The connector’s Callback URL is visible in the connector list, under the Configuration column.

Provision Users

There are two approaches to grant SSO access to users.

Approach A: Explicit provisioning from the organization
Use the Provision SAML User button to add users by entering their email.
Provision SAML User button in the organization

Provision SAML users directly in the organization.

Popup to add SAML users by email

Add users by email through the provisioning popup.

Approach B: Provisioning via SCIM (automatic)
You can automate user account creation with SCIM:

  1. In the Entra portal, open the Reemo application.

  2. Go to Provisioning > Get Started.

  3. Set Provisioning Mode to Automatic.

  4. Fill in:

    • Tenant URL: SCIM API value provided by Reemo (in the connector list).

    • Secret Token: SCIM Token value provided by Reemo.

  5. Click Test Connection, then Save.

SCIM configuration in Entra

Automate user provisioning with SCIM.

You should now be able to provision users from Microsoft Entra ID using the provisioning interface.

Sign in via SAML

Once the connector is active and users are provisioned (or JIT enabled), they can sign in:

  • General portal access (Private Cloud / On-Prem):

    https://[portal_url]/

  • Direct access to the organization (Public Cloud):

    https://[portal_url]/login/[organization_shortname]
SSO authentication screen

Select SAML and click Next to be redirected to Microsoft Entra ID.