Configuring Vouched SSO with Azure AD / Microsoft Entra ID

Configure Azure Active Directory (Microsoft Entra ID) as your SAML 2.0 identity provider for Vouched SSO using your Vouched SP metadata values.


This guide walks through configuring Azure AD / Microsoft Entra ID for Vouched SSO.

Prerequisites

Before you begin:

  • Complete Steps 1–2 in the SSO / SAML Configuration guide.
  • Copy your Vouched SP metadata values from the IdP Configuration section.
  • Sign in to the Azure portal with permission to create and manage enterprise applications.

Configure Azure AD / Microsoft Entra ID for Vouched SSO

1. Create an enterprise application

  1. Log in to the Azure Portal.
  2. Navigate to Azure Active Directory > Enterprise Applications.
  3. Click New application.
  4. Click Create your own application.
  5. Give the app a name, such as Vouched.
  6. Select Integrate any other application you don't find in the gallery.
  7. Click Create.

2. Configure single sign-on

  1. In your new application, click Set up single sign-on.
  2. Select SAML.
  3. In the Basic SAML Configuration section, click Edit.
  4. Enter the following values from your Vouched IdP Configuration section:
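
     | Azure AD field                             | Value                              |
     |--------------------------------------------|------------------------------------|
     | Identifier (Entity ID)                     | Use the Entity ID from Vouched     |
     | Reply URL (Assertion Consumer Service URL) | Use the ACS URL from Vouched       |
     | Sign on URL                                | Use the Sign-On URL from Vouched   |

  5. Click Save.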

3. Configure attributes and claims

  1. In the Attributes & Claims section, click Edit.
  2. Ensure the following claims are present. Add or edit them if needed:

     | Claim name | Source attribute |
     |------------|------------------|
     | firstName  | user.givenname   |
     | lastName   | user.surname     |

Note on NameID: By default, Azure AD uses the user's UPN (user principal name) as the NameID. If your users' UPNs do not match their email addresses, update the Unique User Identifier (Name ID) claim to use user.mail instead.
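
To confirm the values from steps 2 and 3 after a test sign-in, the following added example (not part of Vouched's or Microsoft's documentation) inspects a decoded SAML assertion for the Entity ID, ACS URL, the two claims, and a NameID that matches the user's email. The helper name check_assertion, the sample assertion, and the sp.example.com values standing in for your Vouched Entity ID and ACS URL are assumptions made for illustration; the script checks configuration only and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("firstName", "lastName")  # claim names from step 3
# Constructed sample assertion with placeholder values (not real tenant data).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject>
  <saml:NameID>jdoe@corp.example.com</saml:NameID>
  <saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs"/>
  </saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://sp.example.com/entity</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="firstName"/>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
 </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, entity_id, acs_url, expected_email):
    """Return configuration problems found in a decoded SAML assertion."""
    if "<!DOCTYPE" in xml_text:  # SAML messages never need a DTD
        raise ValueError("refusing to parse XML that declares a DTD")
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks Entity ID {entity_id}")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} is not ACS URL {acs_url}")
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for claim in REQUIRED_CLAIMS:
        # A claim saved with a namespace is emitted as "<namespace>/<name>".
        if claim not in names:
            problems.append(f"missing claim {claim}")
    name_id = (root.findtext(".//saml:NameID", "", NS) or "").strip()
    if name_id.lower() != expected_email.lower():
        problems.append(f"NameID {name_id} differs from email {expected_email}")
    return problems


if __name__ == "__main__":
    sp = "https://sp.example.com"
    print(check_assertion(SAMPLE, sp + "/entity", sp + "/acs", "jane.doe@example.com"))
```

In the constructed sample, lastName is reported missing because the surname claim was left under a namespace URI, and the NameID is flagged because the UPN differs from the user's email, the case the NameID note describes.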

4. Retrieve your Azure AD metadata

  1. In the SAML Signing Certificate section, find the Federation Metadata XML row.
  2. Click Download to get the metadata XML file, or copy the App Federation Metadata Url.
  3. Paste the URL into the Metadata URL field in Vouched (recommended), or upload the XML file into the Metadata XML field.
  4. Click Save.

5. Assign users

Navigate to Users and groups in your Enterprise Application and assign the users or groups who should have access to Vouched through SSO.

Need help?

Contact Vouched support with a description of the issue and the step where it occurs.