SAML SSO with Entra

Plans supporting this feature: Enterprise

You can configure Document360's SAML Single Sign-On (SSO) with Microsoft Entra as the identity provider. Note that only users with the Owner or Admin project role can configure SSO in Document360.

PRO TIP

It is recommended to open Document360 and Entra in two separate tabs or browser windows, since configuring SSO in Document360 requires you to switch between Entra and Document360 multiple times.

Adding an application in the Azure portal

Sign in to Entra

  1. Log in to your Microsoft Azure account using your credentials (Link: https://entra.microsoft.com/#home).

  2. Once logged in, you are taken to the Microsoft Entra admin center page.

Adding your application

To create an application in Entra to configure with Document360:

  1. On the Microsoft Entra admin center page, select Entra ID from the left navigation bar and click Enterprise apps.

  2. On the Enterprise applications page, click New application > Create your own application.

  3. Enter a name for your app in the Input name field and click Create.

The application is now created in Entra.

Configure SAML in Entra with Document360

  1. Open Document360 in a separate tab or panel.

  2. Navigate to Settings > Users & permissions > SSO Configuration in Document360.

  3. Click the Create SSO button.

  4. Select Entra ID as your Identity Provider (IdP). You are taken to the Configure the Service Provider (SP) page automatically.

  5. On the Configure the Service Provider (SP) page, you'll find the parameters required to configure your SAML integration in the identity provider.

  6. Go to Microsoft Entra and, on the page of the application you created, open the Single sign-on tab and select the SAML method.

  7. Click Edit in the Basic SAML Configuration section and enter the parameters from Document360 as shown below.

| Entra | Document360 |
| --- | --- |
| Reply URL (Assertion Consumer Service URL) | Callback path |
| Sign on URL | Callback path |
| Identifier (Entity ID) | Service provider entity id |

  8. Click Save once you’ve entered the necessary fields.


Document360 SSO configuration

Finally, complete the SSO configuration in Document360:

  1. Return to Document360 and click Next to navigate to the Configure the Identity Provider (IdP) page.

  2. If you already have an existing SSO configuration, you can select it from the Configure an existing connection dropdown to inherit its settings. This eliminates redundant setup and saves time.

 NOTE

For more information on Inheritance, go to Managing Users and Readers with SCIM in Entra.

  3. Fill in the required fields using the parameters found in the Set up Document360 SCIM SSO section of the Entra page, as shown below.

| Entra | Document360 |
| --- | --- |
| Login URL | Sign on URL |
| Microsoft Entra Identifier | Entity id |
| SAML certificate | Certificate (Base64) |

  4. Download the Certificate (Base64) from the SAML Certificates section and attach it to the SAML certificate field in Document360.

  5. Toggle the Allow IdP initiated sign in option on or off based on your project requirements.

  6. Click Next to proceed to the SCIM provisioning page.
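A pre-flight check for the Login URL, Microsoft Entra Identifier and Certificate (Base64) values copied from Entra in this section, added here as an example and not Document360 or Microsoft code. It assumes that both URLs embed the tenant GUID, that the downloaded certificate file is PEM-armoured, and that the Thumbprint shown in Entra's SAML Certificates section is the SHA-1 of the certificate; all sample values are constructed.

```python
import hashlib
import re
import ssl
from urllib.parse import urlparse

GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample values (not from a real tenant). The URL shapes are assumptions.
SAMPLE_SIGN_ON_URL = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/saml2"
SAMPLE_ENTITY_ID = "https://sts.windows.net/11111111-2222-3333-4444-555555555555/"
# Placeholder bytes wrapped in PEM armour; stands in for the downloaded .cer file.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real certificate")


def cert_thumbprint(pem_text):
    """Uppercase hex SHA-1 of the DER bytes inside a PEM (Base64) certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha1(der).hexdigest().upper()


def check_idp_values(sign_on_url, entity_id, pem_text, expected_thumbprint):
    """Return a list of problems in the values about to be pasted into Document360."""
    problems = []
    url = urlparse(sign_on_url)
    if url.scheme != "https" or not url.netloc:
        problems.append("Sign on URL is not an absolute https URL")
    login_tenant, entity_tenant = GUID.search(sign_on_url), GUID.search(entity_id)
    if not login_tenant or not entity_tenant:
        problems.append("tenant GUID missing from Sign on URL or Entity id")
    elif login_tenant.group().lower() != entity_tenant.group().lower():
        problems.append("Sign on URL and Entity id point at different tenants")
    try:
        actual = cert_thumbprint(pem_text)
    except ValueError as exc:  # missing PEM armour or invalid Base64
        problems.append(f"certificate file is not PEM/Base64: {exc}")
    else:
        # Accept thumbprints typed with colons, spaces or lowercase hex.
        wanted = re.sub(r"[^0-9A-Fa-f]", "", expected_thumbprint).upper()
        if actual != wanted:
            problems.append("certificate thumbprint differs from the one shown in Entra")
    return problems


if __name__ == "__main__":
    shown_in_entra = cert_thumbprint(SAMPLE_PEM)  # stand-in for the value read off the portal
    print(check_idp_values(SAMPLE_SIGN_ON_URL, SAMPLE_ENTITY_ID, SAMPLE_PEM, shown_in_entra))
```

An empty list means the three values are consistent with each other and with the thumbprint read from the Entra portal.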

SCIM Provisioning

If needed, you can enable SCIM in Entra with Document360 by following the steps below.

  1. On the SCIM provisioning page in Document360, turn on the Enable SCIM provisioning toggle.

  2. A confirmation dialog appears. Read the terms and click Agree. A set of parameters is then displayed.

  3. Go to Entra, select the Provisioning tab in the left menu, and then select New configuration in the top menu.

  4. The New provisioning configuration page is displayed, where you need to fill in the fields in the Admin credentials section.

  5. Navigate back to the SCIM provisioning page in Document360 and enter its parameters in Entra as shown below.

| Entra | Document360 |
| --- | --- |
| Tenant URL | SCIM Base URL |
| Secret token | Primary secret token |

 NOTE

Do not click Test connection or Create at this stage. The SSO configuration in Document360 must be completed before the SCIM provisioning connection can be established successfully.

  6. Navigate back to Document360 and turn on the Enable group sync toggle. When enabled, users and reader groups are automatically assigned based on IdP group mappings.

  7. In the Default role field, the role is set to Contributor by default. You can change this from the dropdown if needed.

  8. In the User groups and Reader groups fields, select the groups you want to add. Multiple groups can be added, and they will inherit the default role you selected earlier.

  9. Click Next to navigate to the More settings page.

More Settings

On the More settings page, configure the following:

  • SSO name: Enter a name for the SSO configuration.

  • Customize login button: Enter the text for the login button displayed to users.

  • Auto assign reader group: This option is only available for existing SSO configurations. For newly created SSO configurations, the Auto assign reader group toggle will not be displayed as SCIM automatically provisions users and groups.

  • Sign out idle SSO user: Toggle on/off based on your requirements.

  • Choose whether to invite existing user and reader accounts to SSO.

Click Create to complete the SSO configuration.

The SSO configuration in Document360 is now created.

Complete SCIM provisioning:

  1. Navigate back to Entra, where the New provisioning configuration page is displayed.

  2. Once all the required fields have been filled in, click Test connection to verify the configuration.

  3. A confirmation message appears once the SCIM provisioning connection between Entra and Document360 is successful.

  4. Click Create to finalize the configuration.

The SCIM provisioning between Entra and Document360 is now created.

 NOTE

For more details on how to manage users, readers and groups in Entra, go to Managing Users and Readers with SCIM in Entra.