Note: These instructions cover the basic setup only. Your organisation may have different requirements or specific security policies. If you need assistance or have questions about your specific setup, please reach out to your Atticus account manager or our support team.

Step 1

Create a New Enterprise Application

Start by signing in to the Microsoft Entra admin center. Once you're logged in, navigate to Identity > Applications > Enterprise applications.

Click the New application button to begin creating a new integration. On the next screen, select Create your own application.

Microsoft Entra create your own application screen

Enter a name for your application (e.g., "Atticus"), and select the option Integrate any other application you don't find in the gallery (Non-gallery). Click Create to finalize the application creation.

Microsoft Entra application naming screen

Step 2

Configure SAML-based Sign-on

In your newly created application, navigate to Single sign-on in the left menu.

Microsoft Entra single sign-on menu showing SAML option

Select SAML as the single sign-on method. In the Basic SAML Configuration section, click Edit to open the configuration panel.

Enter the connection values provided by Atticus below. These values link your identity provider with Atticus — ensure each field matches exactly:

  • Identifier (Entity ID): Enter the Entity ID (e.g., https://app.atticus.tech)
  • Reply URL (Assertion Consumer Service URL): Enter the Reply/ACS URL (e.g., https://app.atticus.tech/api/v1/auth/sso/saml/callback/4aedd0de-48ce-4c70-9d11-2c7156e6df80)

Click Save to apply your SAML configuration.

Microsoft Entra SAML configuration panel showing Entity ID and Reply URL fields

Step 3

Configure Attributes and Claims

Next, you'll need to configure the attributes and claims that will be passed to Atticus during authentication. These determine what user information your identity provider sends to Atticus.

In the Attributes & Claims section, click Edit to open the configuration panel. Modify the Unique User Identifier (Name ID) to use a Persistent format and set the Source Attribute to user.objectid. This sends the Entra Object ID as the Name ID, which is a stable, persistent identifier that will never change — even if a user's name or email is updated.

Microsoft Entra Name ID attribute configuration

Configure the additional claims as shown:

  • emailaddress: user.mail
  • givenname: user.givenname
  • surname: user.surname

Optional: If you would like to send an Employee ID, Salary ID, or other organisational identifier to Atticus, you can add it as an additional claim. Click Add new claim and configure it, for example:

  • employeeid: user.employeeid

Consult with your Atticus account manager if you would like to include additional identifiers.

Microsoft Entra attributes and claims configuration showing email, first, and last name mappings

Ensure the Namespace for each Additional Claim is: http://schemas.xmlsoap.org/ws/2005/05/identity/claims. Once you've configured all the necessary claims, click Save to apply your changes.
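
To confirm the Step 3 mapping before sharing metadata, you can run a captured test assertion through a check like the one below. This is an added example, not Atticus or Microsoft code: the sample assertion and its values are constructed, `check_assertion` is a hypothetical helper, and it assumes each claim's `Name` is the namespace followed by `/` and the claim name.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
REQUIRED = ("emailaddress", "givenname", "surname")

# Constructed sample assertion (unsigned, placeholder values) for offline testing.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="{PERSISTENT}">00000000-0000-0000-0000-000000000000</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS_NS}/emailaddress"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS_NS}/givenname"><saml:AttributeValue>Sam</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS_NS}/surname"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text):
    """Return a list of problems; an empty list means the claims match Step 3."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    else:
        if name_id.get("Format") != PERSISTENT:
            problems.append(f"NameID Format is {name_id.get('Format')!r}, expected persistent")
        if "@" in name_id.text:
            problems.append("NameID looks like an email/UPN, not user.objectid")
    values = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        val = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name")] = (val.text or "").strip() if val is not None else ""
    for claim in REQUIRED:
        full = f"{CLAIMS_NS}/{claim}"
        if full not in values:
            hint = " (present without the namespace)" if claim in values else ""
            problems.append(f"claim {claim} missing{hint}")
        elif not values[full]:
            problems.append(f"claim {claim} is empty")
    return problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE) or "assertion matches the Step 3 mapping")
```

The check covers the claim mapping only; it does not validate the assertion's signature, audience, or validity window.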

Step 4

Share Metadata with Atticus

The Entra application for Atticus is now configured! The final step is to provide the SAML metadata to Atticus.

In the SAML Certificates section, locate the Federation Metadata XML entry. Click Download to save the metadata file to your computer.

Once downloaded, provide this metadata file to your Atticus account manager or the Atticus platform team to complete the integration. You can also send the App Federation Metadata Url link.

Microsoft Entra SAML certificates section showing Federation Metadata XML download option

Setup Complete! Your Microsoft Entra SAML SSO is now configured. Once the Atticus team completes the configuration, users will be able to sign in using their Microsoft credentials.