SAML SSO with Entra

Plans supporting single sign on (SSO)

Professional
Business
Enterprise






You can configure Document360's SAML Single Sign-On (SSO) with the Microsoft Entra as the Identity provider. Please note that only users with Owner or Admin as Project role can configure SSO in Document360.

PRO TIP

It is recommended to open Document360 and Entra in two separate tabs/browser windows, since configuring SSO in Document360 will require you to switch between Okta and Document360 multiple times.

Adding an application in the Azure portal

Accessing the Azure AD portal

Accessing the azure Active Directory portal

  1. Log in to your Microsoft Azure account.

  2. Click on Portal available on the top-right of the window.

  3. You would be redirected to the portal (Link: https://portal.azure.com/#home).

Adding your application

The 'Own application' is called 'Customer application' in this document.

  1. Log in to your Azure account and visit the Azure portal page.

  2. From here click on the + New application option and select Non-gallery application.

  3. Type in the name of your application and click on the Add button at the bottom.

  4. Now you would get a window with the Project name, Application ID, and the Project ID.

  5. In the Getting started section, select the Set up single on option.

    These are the three selections provided

    • SAML

    • Password-based

    • Linked SSO

  6. Select the SAML option, and you can find the five segregated SAML configurations.

  7. You can read a detailed walkthrough of the process in the Azure AD configuration guide.

Adding new application in the Azure Active Directory portal

Configuring SAML in your identity provider

  1. Open Document360 in a separate tab or window.

  2. Navigate to Settings > Users & security > SAML/OpenID in Document360.

  3. Click the Create SSO button.

  1. Select Entra ID as your Identity Provider (IdP) to navigate to the Configure the Service Provider (SP) page automatically.

  1. In the Configure the Service Provider (SP) page, you'll find the required parameters to configure your SAML integration in the Identity Provider.

Azure AD fields

Document360 portal

Identifier (Entity ID)

Service provider entity id

Reply URL (Assertion Consumer Service URL)

Callback path

Sign on URL

https://identity.document360.io (the login page)

Logout URL

Signed out callback path

  1. Copy these from Document360, switch to the Azure AD portal.

  2. On the Set up Sign-On with SAML page, click the Edit icon on the right and paste the data in the corresponding fields defined in the above table.

Image_4-Screenshot-Azure_AD_SAML_configurations

  1. Click on the Save icon at the top after you've entered all the mandatory fields


Document360 SSO configuration

Finally, complete the SSO configuration in Document360:

  1. Return to the Document360 tab/window displaying the Configure the Service Provider (SP) page and click Next to navigate to the Configure the Identity Provider (IdP) page.

  2. Enter the corresponding values from your Identity Provider:

Document360 portal fields

Azure AD portal values

Sign On URL

Login URL

Entity ID

Azure AD identifier

Sign Out URL

Logout URL

SAML certificate

Download Certificate (Base64) from Azure AD side and upload in Document360

  1. Toggle on/off the Allow IdP initiated sign in option based on your project requirements.

  2. Click Next to proceed to the More settings page.

More Settings

In the More settings page, configure the following:

  • SSO name: Enter a name for the SSO configuration.

  • Customize login button: Enter the text for the login button displayed to users.

  • Auto assign reader group: Toggle on/off as needed.

  • Sign out idle SSO team account: Toggle on/off based on your requirements.

  • Choose whether to invite existing team and reader accounts to SSO.

  1. Click Create to complete the SSO configuration.

Other configuration settings in the Azure AD portal

  1. You can always edit the User Attributes & Claims section

  2. You can either Add a new claim or Add a group claim as well

  3. In the SAML signing certificate section, you can add New certificates or even Import certificates

  4. Multiple notification email addresses can also be added

  5. Once all the fields have been configured, click on the Test option and Log to Document360 using the credentials the user has added to the registered application