Azure Microsoft Entra ID (Active Directory)

Configure SAML with Azure Microsoft Entra ID

Required information provided by Kubit Team:

  • Identifier (Entity ID): urn:amazon:cognito:sp:<CONNECTION_ID>
  • Reply URL: https://kubit-<YOUR_ORG>.auth.<REGION>.amazoncognito.com/saml2/idpresponse

To add a new application in Microsoft Entra ID:

  1. Sign in to the Azure portal.
  2. Search for and select Microsoft Entra ID.
  3. In the left sidebar, choose Enterprise applications.
  4. Choose New application.
  5. On the Browse Microsoft Entra Gallery page, choose Create your own application.
  6. Under What’s the name of your app?, enter kubit-sso and select Integrate any other application you don’t find in the gallery (Non-gallery). Then choose Create.

To set up Single Sign-on using SAML:

  1. On the Getting started page, in the Set up single sign-on tile, choose Get started.
  2. On the next screen, select SAML.
  3. In the middle pane under Set up Single Sign-On with SAML, in the Basic SAML Configuration section, choose the edit icon.
  4. In the right pane under Basic SAML Configuration, replace the default Identifier ID (Entity ID) with the Identifier (Entity ID) the Kubit Team has provided. In the Reply URL (Assertion Consumer Service URL) field, enter the Reply URL the Kubit Team has provided. Choose Save.
  5. In the middle pane under Set up Single Sign-On with SAML, in the Attributes & Claims section, choose Edit.
  6. Choose Add a group claim.
  7. On the Attributes & Claims page, in the right pane under Group Claims, select Groups assigned to the application, and leave Source attribute as Group ID. Choose Save.
  8. Note down the Claim names under Additional claims and provide those to the Kubit Team.
  9. Close the Attributes & Claims screen by choosing the X in the top right corner. You’ll be redirected to the Set up Single Sign-on with SAML page.
  10. Scroll down to the SAML Signing Certificate section, and copy the App Federation Metadata Url by choosing the copy into clipboard icon. Please provide that URL to the Kubit Team.

Please, provide the collected information to the Kubit Team. Once we're done with configurations on our side we'll contact you.