Skip to main content

Azure Entra SSO Setup for Authorium

Configuring Single Sign-On (SSO) in Azure Entra allows Authorium to integrate with your organization's identity management, ensuring secure and centralized access control.

note
Users can be added to Authorium manually (via invite or link), and SSO can be enabled at a later time without issues.

1. Create Authorium Application in Azure Entra​

  1. Go to the Azure Entra Admin Center
  2. Sign in with your Azure AD administrator credentials.
  3. In the left-hand menu, go to Applications > Enterprise applications
Azure Entra Admin Center
  1. Click New application.
  1. In the Microsoft Entra Gallery, choose Create your own application
  1. Name it Authorium in What’s the name of your app?.
  2. Select "Integrate any other application you don't find in the gallery (Non-gallery)"
  3. Click Create.

2. Set Up Single Sign-On​

After the app is created, open the Single sign-on section and choose the method:

SAML (Preferred)​

  1. Choose SAML.

  2. Enter the following details:

    • Identifier (Entity ID):
      https://app.authorium.com/auth/entra_id
    • Reply URL (ACS URL):
      https://app.authorium.com/users/auth/entra_id/callback
    • Logout URL:
      https://app.authorium.com/users/auth/saml/single_log_out

  3. Under SAML Certificates, download the Federation Metadata XML.

    Note
    Save the file as .txt before uploading to Authorium.

OpenID Connect and OAuth​

  1. Navigate to App registrations in Azure (search for it under "More services").

  1. Click New registration and provide:

    • Name: e.g. Authorium OAuth SSO
    • Supported account types: leave as Single tenant
    • Redirect URI:
    • Type: Web
    • URI: https://app.authorium.com/users/auth/entra_id/callback

  2. Click Register.

App Details to Collect​

  • Application (client) ID
  • Directory (tenant) ID

Create a Client Secret​

  1. Go to Certificates & secrets > New client secret.
  1. Add a description (e.g. Authorium Production).
  2. Set an expiration (6 months recommended).
  3. Click Add.
  4. Copy the generated Secret Value β€” this will be required in Authorium.

3. Assign Users and Roles​

  1. In your Authorium app in Azure Entra, go to Users and groups.
  2. Click Add user/group.
  3. Select users/groups who need access.
  4. Assign roles if needed.

4. Configure Authorium​

  1. Sign in to Authorium as a super admin.
  2. Go to:
    App Administration > Agency Organizations
  3. Search for and select your organization.
  4. Verify that the domain is correctly set (e.g. dept.ca.gov, no https://).

Configure SSO​

  • Navigate to Internal Authentication > Single Sign-On

  • For Identity Provider, choose Entra ID

  • Upload the .txt version of the Federation Metadata XML

  • Manually enter the following from Azure:

    • SAML Sign-On Endpoint
    • SAML Logout Endpoint
    • SAML Issuer (Microsoft Entra Identifier)

  • Ensure "Require User Re-authentication" is enabled

  • Click Save and Apply Authentication

5. Test the Configuration​

  1. Go to the Authorium login page
  2. Log in using the SSO method
  3. Confirm:
  • Successful login via Azure Entra
  • Proper access to the assigned application
  • Roles and permissions are correctly applied
Note
Notify the Authorium team of the SAML certificate expiration date so they can schedule a renewal reminder 60 days in advance.

global-project-content-guides