Entra SAML SSO

Requirements: You will need admin access to your EntraID portal.

1. Provide your Allowed Domain for SSO to the Nebulock team.

2. Nebulock team will provide you with the following:

   1. An Audience URI
   2. An ACS URL

3. Login to your EntraID portal, and navigate to “Enterprise Apps” and “New application” in the left menu.

   

4. Click “Create your own application”.

   

5. Give your application a name, e.g. Nebulock Platform SSO.

   

6. Once the application is created, select “Set up Single Sign On” and “SAML” for the method.

   

7. In the “Basic SAML Configuration” section, click “Edit.” Here is where you will paste the information provided by Nebulock. In the Identifier (Entity ID) paste the Audience URI, and in the Reply URL (Assertion Consumer Service URL) paste the ACS URL.

   

8. Next scroll down to the “Attributes and Claims” section and click “Edit”.

   1. First, update the “Required Claim” and change the “Source Attribute” to user.primaryauthoritativeemail

   2. Next, delete the default “Additional Claims”, click “Add new claim” and add each of the below individually.

      1. Claim Name: firstName, Source Attribute: user.givenname
      2. Claim Name: lastName, Source Attribute: user.surname
      3. Claim Name: id, Source Attribute: user.objectid
      4. Settings should appear like the following:
      

9. Next copy your App Federation Metadata URL and send this to the Nebulock team.

   

10. Now you are ready to add users to the application. Once you have added a user, verify the login is working by navigating to the Nebulock Platform, click "Login with SSO", and enter your domain.