Enable SSO with Microsoft Azure/Entra ID

This guide walks you through configuring Microsoft Entra ID as your SAML2 identity provider for single sign-on (SSO) authentication.

Step 1: Create SAML Application in Entra

1. Log into your Microsoft Azure Portal and open the Microsoft Entra ID service
2. Navigate to Enterprise Applications
3. Click New Application
4. Click Create your own application
5. App name: Enter "OakHost" as the application name
6. Select Integrate any other application you don't find in the gallery (Non-gallery) and click Create

Step 2: Configure Entra SAML Settings

1. Once the application has been created, navigate to Manage > Single sign-on
2. Select the SAML method and click Edit in the Basic SAML Configuration section.
3. Sign in to the OakHost Customer Panel and navigate to User Management > Manage SSO.
4. Copy the values provided there and fill in the SAML settings as shown:

5. Click Save.

Step 3: Configure OakHost SAML Settings

1. Copy the following values from the Entra application page and paste them into the OakHost Customer Panel under User Management > Manage SSO:
   • Login URL: Corresponds to IDP Login URL
   • Microsoft Entra Identifier: Corresponds to IDP Entity ID
   • Logout URL: Corresponds to IDP Logout URL
   • Certificate (Base64): Click the Download button, open the file using a text editor and paste it into the IDP X.509 Certificate field in OakHost.
2. Click Create Configuration in the OakHost Customer Panel.

Step 4: Test Integration

The SSO configuration is now complete. You can test the integration by logging out of the OakHost Customer Panel. On the login screen, enter your email address and click Sign in via SSO. You will be redirected to Microsoft for authentication.