Skip to main content
  1. Ironclad
  2. Integrations
  3. SSO/SAML

Set Up Microsoft Entra ID (Azure) SSO/SAML Integration

Ariana Kemp
  • Updated

This article will walk you through how to set up Microsoft Entra ID (Azure) SSO/SAML integration in Ironclad. 

Disclaimer: If you change your domain, your access to Ironclad is prohibited. Before migrating your domain, submit a request with our Support Team for assistance.

 

​​​

Set Up Microsoft Entra ID (Azure) in Ironclad

  1. From the Microsoft Entra ID main page, under Manage Microsoft Entra ID, click View.
  2. In the top bar, click + Add.
  3. Select Enterprise application.
  4. On the next screen, in the top bar, click Create your own application. A side panel opens.
  5. In the What’s the name of your app field, enter Ironclad.
  6. Select Integrate any other application you don’t find in the gallery (Non-gallery).
  7. Click Create.
  8. In the left panel, under the Manage section, click Single sign-on. Select SAML.
  9. Set up a basic SAML configuration. To do this:
    1. Next to the Basic SAML Configuration section, click the pencil icon. A panel displays on the right side of the screen.

    2. In the Identifier field, enter na1.ironcladapp.com (or the exact value shown under Company Settings > Integrations > SAML > Show Additional IdP Settings > Service Provider Identifier in Ironclad)

      Screenshot 2026-05-01 at 10.28.11 AM.png
    3. In the Reply URL field, enter the Callback URL found on your Ironclad SAML Integrations page (Company Settings > Integrations > SAML).
  10. Configure the User Attributes & Claims. To do this:
    1. Next to the User Attributes & Claims section, click the pencil icon. A panel displays on the right side of the screen.
      1. In the Additional Claims section, enter the following (case sensitive):Claims.jpeg
        1. In the Claim name field, enter email. In the Value field, enter user.mail.
        2. In the Claim name field, enter firstName. In the Value field, enter user.givenname.
        3. In the Claim name field, enter lastName. In the Value field, enter user.surname.
      2. Verify the Namespace URL field is blank.
  11. Configure the SAML Signing Certificate. To do this:
    1. ​​​​​​​In the SAML Signing Certificate section, locate Federation Metadata XML and click Download. A file named “Ironclad.xml” is downloaded.
    2. On the Ironclad SAML Integrations page (Company Settings > Integrations > SAML)
    3. , under IdP Configuration XML, click Upload. Upload the Federation Metadata XML file from Azure.
    4. Click Save.

The configuration is complete. You can use the Azure Active Directory to add individual users and groups to Ironclad.

Assign Individual Users to the Ironclad App in Microsoft Entra ID

To assign individual users to the Ironclad app in Microsoft Entra ID:

  1. In your Microsoft Azure portal, click the menu located in the top left.
  2. Click Microsoft Entra ID > Enterprise applications > All Applications.
  3. Search for the Ironclad application you created.
  4. Click Assign users and groups, and then click Add user.
  5. Click None Selected.
  6. In the list of users, select the users that you want to add to the Ironclad application.
  7. Click Select, and then click Assign
    • Note: Upon login to Ironclad, if the user sees the Ironclad Dashboard, the Microsoft Entra ID configuration was a success. If there are users provisioned within Ironclad prior to setting up SSO, these users will remain password login users. Reach out to Ironclad Support for assistance migrating existing Ironclad users from password login to SSO login.

Once you receive a confirmation, your users are added to Ironclad.

Assign Groups to the Ironclad App in Microsoft Entra ID

To assign groups to the Ironclad app in Microsoft Entra ID:

  1. In your Microsoft Azure portal, click the menu located in the top left, and then click Microsoft Entra ID > Enterprise applications > All Applications.
  2. Search for the Ironclad application you created.
  3. Click Assign users and groups, and then click Add user.
  4. Click None Selected.
  5. In the list of groups, select the groups that you want to add to the Ironclad application.
  6. Click Select, and then click Assign

Once you receive a confirmation, the users in that group can log in to myapps.microsoft.com and have access to the Ironclad application. 


 

Related articles

Related Articles

Want to learn more about this feature and more? Review the Related Articles. Here, we provide a list of articles curated just for you.

Related articles

Give Feedback