Set up an effortless sign-on experience across your organization with Microsoft!
NOTE: To successfully set up SSO with Microsoft Entra, the user must have administrator roles in SimGate Portal and Microsoft Entra.
Set up SSO with Microsoft
To set up SSO correctly with Microsoft Entra, please follow the steps below.
Create a new SAML application in Microsoft Entra
In your enterprise Microsoft Entra admin center, select Applications from the sidebar navigation and select Enterprise applications.
Click the + New application button.
On this page, click + Create your own application button.
Enter a name for your app and keep the option, Integrate any other application you don’t find in the gallery (Non-gallery).
After successfully creating your application, you will find it under the list of Enterprise applications.
Click on your new application and select the Single sign-on under the Manage section.
Select the SAML option for the Select a single sign-on method.
On the Single sign-on page, at section 3: SAML Certificates, click the Edit button. You should have one certificate with an Active status. Click the dropdown menu on the right and select Download federated certificate XML.
Open the downloaded FederationMedata.xml file. Copy and save the following value for the next step:
X509Certificate
You will be using this value to fill in the SimGate Portal - SSO Settings page.
On the Single sign-on page, at section 4: Set up SAML Test, copy and save the following values for the next step:
Login URL
Microsoft Entra Identifier
You will be using these values to fill in the SimGate Portal - SSO Settings page.
Create a new provider in SimGate Portal - SSO Settings
In the SimGate Portal, navigate to the SSO Settings page and click the button to Add provider.
Choose Microsoft as the Provider and optionally provide a Provider Nickname. This will show up as the Display Name.
On this form, paste the values from the last two steps from the Microsoft Entra Admin Console into the correct corresponding fields:
Login URL → Single Sign-On (SSO) Provider URL
Microsoft Entra Identifier → Identifier (Entity id)
X509Certificate → Certificate
On this page, copy and save the following values for the next step:
Assertion Consumer Service (ACS) URL
Service Identifier (Entity Id)
You will be using these values to fill in the fields in the next step on the Microsoft Entra admin center.
Finish set up of the SAML application in Microsoft Entra
In your Microsoft Entra admin center, on the Set up Single Sign-On with SAML page, at section 1: Basic SAML Configuration, click the Edit button.
On this form, paste the values from the last step into the correct corresponding fields:
Assertion Consumer Service (ACS) URL → Reply URL (Assertion Consumer Service URL)
Service Identifier (Entity Id) → Identifier (Entity ID)
Click Save.
Ensure your section 2: Attributes & Claims have the correct mappings to the ones below.
Your SAML app should now be correctly configured, but you need to set up user access. On the left under the Manage section, click Users and groups. Click + Add user/group to configure access to login with this SAML application.
You have now finished setting up your SSO SAML application in Microsoft Entra.
Finish set up of Microsoft in SimGate Portal - SSO Settings
In the SimGate Portal - SSO Settings page, input the Domain Name(s) that will be allowed access. These domain names will correspond with the email address of the user initiating a sign in. This can be one or multiple domains, separated by commas.
Ensure that all values are filled in with no empty fields and no beginning or ending white spaces.
Click Save changes. If there is an error on the form, go back and ensure all the fields are filled in correctly.
Choose the app types and enable the SSO provider
After successfully saving, you’ll now need to choose where the login will appear.
Choose Portal / Studio and/or Dashboard / SimPlayer to display the Microsoft login in those applications.
Toggle the Status button to ENABLE or DISABLE to allow users to login through Microsoft.
After changing the Status and Apps, click Save changes.
Your SSO login should now be live and ready to login with the new SSO login.