Configuring Entra/Azure AD for Refapp SSO

This article will guide you through the steps for configuring Entra/Azure AD for your company account in Refapp.

Configuring Entra/Azure AD for Refapp SSO

Microsoft has renamed Azure AD to Entra ID mid-2023. You might see either name used, it refers to the same thing.

1. Create a New Enterprise Application in the Entra admin center. Select the option "Integrate any other application you don't find in the gallery (Non-gallery)".
    
   
2. Select the second step;  "Set up single sign on". Add the following entries in the “Basic SAML Configuration" pane:
   1. Identifier: use the SAML Entity-id value shown in Refapp. You find the SAML SSO Settings under the "Security" tab in Company settings. 
   2. Reply URLs:
      • If your account is on the "app" instance (app.refapp.se, app.refapp.com):
        • https://app.refapp.se/sso/saml/acs
        • https://app.refapp.com/sso/saml/acs
      • If your account is on the "sec" instance (sec.refapp.se):
        • https://sec.refapp.se/sso/saml/acs

1. 1. Sign on URL (optional): Similar to https://app.refapp.se/sso/saml/login?cid=<company id>. You get this value from the Refapp Company Settings page (SSO login address). This allows your users to initiate the Refapp login through e.g. https://myapps.microsoft.com.
      
      
   3. Download the “Federation Metadata XML” file.
   4. Make sure to turn on the toggle for "Authentication via SAML SSO" inside Refapp.  Provide the metadata content in the box under "SAML Identity Provider XML Metadata".
2. Save and then test that login to Refapp works. 
3.