Back to SSO Setup Options

Setting up SAML SSO with Microsoft Entra

Follow these steps to configure Microsoft Entra as your SAML identity provider for Atticus.

Note: These instructions cover the basic setup only. Your organisation may have different requirements or specific security policies. If you need assistance or have questions about your specific setup, please reach out to your Atticus account manager or our support team.
Step 1

Create a New Enterprise Application

Start by signing in to the Microsoft Entra admin center. Once you're logged in, navigate to IdentityApplicationsEnterprise applications.

Click the New application button to begin creating a new integration. On the next screen, select Create your own application.

Microsoft Entra create your own application screen

Enter a name for your application (e.g., "Atticus"), and select the option Integrate any other application you don't find in the gallery (Non-gallery). Click Create to finalize the application creation.

Microsoft Entra application naming screen
Step 2

Configure SAML-based Sign-on

In your newly created application, navigate to Single sign-on in the left menu.

Microsoft Entra single sign-on menu showing SAML option

Select SAML as the single sign-on method. In the Basic SAML Configuration section, click Edit to open the configuration panel.

Enter the values provided by Atticus:

  • Identifier (Entity ID): Enter the Entity ID (e.g., https://app.atticus.tech)
  • Reply URL (Assertion Consumer Service URL): Enter the Reply/ACS URL (e.g., https://app.atticus.tech/api/v1/auth/sso/saml/callback/4aedd0de-48ce-4c70-9d11-2c7156e6df80)

Click Save to apply your changes.

Microsoft Entra SAML configuration panel showing Entity ID and Reply URL fields
Step 3

Configure Attributes and Claims

Next, you'll need to configure the attributes and claims that will be passed to Atticus during authentication.

Microsoft Entra attributes and claims configuration showing email, first, and last name mappings

In the Attributes & Claims section, click Edit to open the configuration panel. Configure the required claims as shown:

  • emailaddress: user.mail
  • givenname: user.givenname
  • surname: user.surname
  • id: user.objectid or another unique, persistent identifier e.g. Employee ID.

Ensure the Namespace for each is: http://schemas.xmlsoap.org/ws/2005/05/identity/claims. Consult with Atticus if you need guidance on specific attribute mappings. Once you've configured all the necessary claims, click Save to apply your changes.

Step 4

Share Metadata with Atticus

The Entra application for Atticus is now configured! The final step is to provide the SAML metadata to Atticus.

In the SAML Certificates section, locate the Federation Metadata XML entry. Click Download to save the metadata file to your computer.

Once downloaded, provide this metadata file to your Atticus account manager or the Atticus platform team to complete the integration. You can also send the App Federation Metadata Url link.

Microsoft Entra SAML certificates section showing Federation Metadata XML download option
Setup Complete! Your Microsoft Entra SAML SSO is now configured. Once the Atticus team completes the configuration, users will be able to sign in using their Microsoft credentials.