Learn how to set up an Enterprise Connection with Microsoft Entra.
Dashboard.
API URL.
Settings > Enterprise connections.
Enterprise connections find the Redirect URL panel.
Identity > Applications > Enterprise Applications
in the left sidebar.
New Application. This will open the Microsoft Entra Gallery.
Microsoft Entra Gallery, click Create your own application.
Integrate any other application you don't find in the gallery (Non-gallery).
Create to create the application.
Single sign-on in the application sidebar.
SAML as the SSO method.
Basic SAML configuration panel and click Edit.
Identifier (Entity ID) click Add identifier and enter your project API URL (see Prerequisites - Service Provider Entity ID).
Reply URL (Assertion Consumer Service URL) click Add reply URL and enter your ACS URL (see Prerequisites - Service Provider ACS URL).
Save.
SAML Certificates panel, find the App Federation Metadata Url and copy it. You need this for configuring the enterprise connection with Hanko.
Single sign-on
configuration, find the Attributes & Claims panel and click Edit.
Additional Claims listed that have been added to your application by default. Find the claim that maps the Entra user’s user.email property and click it.
Name is equal to emailaddress and the Namespace is equal to http://schemas.xmlsoap.org/ws/2005/05/identity/claims.
user.email property, choose a different source for the mapping. Note that the email address value present in this attribute is used to provision and link accounts. This means that any new accounts created in your Hanko project will use this email address value, and any existing accounts in your Hanko project will be linked via this email address value.
Identity > Applications > Enterprise Applications
in the left sidebar.
Manage > Properties.
No, all users will be able to sign in.
My Apps in their profile and the O365 app launcher.
Yes in step 4, then select Manage > Users and groups.
Add user/group.
Users, click None selected/X user selected.
Select.
Settings > Enterprise connections.
Connections, click New connection.
Name for the connection.
Domain for the connection. When users authenticate via SAML SSO, the domain of the email address provided as an identifier at the start of an authentication flow must match the domain configured here.
Metadata URL. This is the URL you copied in step 14 in Create a Microsoft Entra application.
Save to create the connection.
Single sign-on configuration for your application (see step 8 in Create a Microsoft Entra application).
Test single sign-on with My App panel and click the Test.
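A check you can run on the attribute statement from a test sign-in, covering the emailaddress claim and the connection Domain described above. It is an added example, not Hanko or Microsoft code: the function names, the sample XML and the `example.com` domain are constructed, and the case-insensitive domain comparison is an assumption. It inspects the claim only and does not validate the response signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Namespace and Name from the claim settings described above; Entra emits
# them joined with "/" as the Attribute's Name.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample: the AttributeStatement of a decoded SAML response.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
    <saml:AttributeValue>Ada</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
    <saml:AttributeValue>Ada@Example.com</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def email_claim_values(xml_text):
    """Return all values of the emailaddress claim found in the XML."""
    root = ET.fromstring(xml_text)
    values = []
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        if attr.get("Name") == EMAIL_CLAIM:
            values += [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", SAML_NS)]
    return values


def check_email_claim(xml_text, connection_domain):
    """Return (ok, reason) for the claim the connection depends on."""
    values = email_claim_values(xml_text)
    if not values:
        return False, "emailaddress claim missing"
    if len(values) != 1 or not values[0]:
        return False, "expected exactly one non-empty email value"
    local, sep, domain = values[0].rpartition("@")
    if not sep or not local or not domain:
        return False, "value is not an email address"
    # Assumption: domains are compared case-insensitively.
    if domain.lower() != connection_domain.lower():
        return False, "email domain %r does not match connection domain" % domain
    return True, "ok"


if __name__ == "__main__":
    print(check_email_claim(SAMPLE, "example.com"))
```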