1. Help Center
  2. Customise Refapp
  3. Only for administrators - SSO

Configuring Entra/Azure AD for Refapp SSO

This article will guide you through the steps for configuring Entra/Azure AD for your company account in Refapp.

 

Configuring Entra/Azure AD for Refapp SSO

Microsoft has renamed Azure AD to Entra ID mid-2023. You might see either name used, it refers to the same thing.

  1. Create a “Non-gallery” Enterprise Application in the Entra Portal. SSO-bild 3 
  2. Add the following entries in the “Single sign-on” SAML pane:
    1. Identifier: use the entity id value shown in Refapp.
    2. Reply URLs:
      • If your account is on the "app" instance (app.refapp.se, app.refapp.com):
        • https://app.refapp.se/sso/saml/acs
        • https://app.refapp.com/sso/saml/acs
      • If your account is on the "sec" instance (sec.refapp.se):
        • https://sec.refapp.se/sso/saml/acs
    1. Sign on URL (optional): Similar to https://app.refapp.se/sso/saml/login?cid=<company id>. You get this value from the Refapp Company Settings page (SSO login address). This allows your users to initiate the Refapp login through e.g. https://myapps.microsoft.com.

      SSO-bild 4
  1. Assign users/groups to the application according to your normal operating procedures. Make sure to manage claim to change the source attribute from user.userpricipalname to user.mail for the users created in Refapp to be created with the right email.
    image (6) 
  2. Download the “Federation Metadata XML” file. SSO-setting08
  3. Provide the SAML Application Identifier (Entity Id) and metadata content in the Company Settings page, turn on SAML SSO (“Authentication via SAML SSO”) and test that login to Refapp works.