Skip to main content
All CollectionsSecurity and PrivacySingle Sign-On (SSO)
Enable SAML login to Salto with Microsoft Entra ID (f/k/a AzureAD)
Enable SAML login to Salto with Microsoft Entra ID (f/k/a AzureAD)

Customers who use Microsoft Entra ID as their IdP can securely connect to Salto through SAML

Zalary Young avatar
Written by Zalary Young
Updated over a year ago

Prerequisites

  1. Salto SAML integration is available for enterprise customers (see info about plans here: https://www.salto.io/pricing)

  2. Contact support@salto.io in order to initialize the process.

Supported features

  • IdP-initiated SSO

  • SP-initiated SSO

  1. Sign into Entra (Azure AD) admin dashboard (entra.microsoft.com)

  2. Open Applications → Enterprise applications

  3. Click on + New application

  4. Give the app a name and select Integrate any other application you don’t find in the gallery (Non-gallery) and then click the Create button

  5. Open Manage → Properties menu

  6. You should see a screen similar to this, where you can upload Salto logo from here

  7. Go to Manage → Users and groups and assign relevant users to be able to use this application

  8. Open Manage → Single sign-on and select SAML

  9. Edit Step 1

    1. Identifier should be: urn:auth0:salto:REPLACE_ME

    2. Reply URL (Assertion Consumer Service URL) should be: https://auth.salto.io/login/callback?connection=REPLACE_ME

      1. REPLACE_ME should be replaced with the connection name you got from Salto, or you can use your domain name with hyphens instead of dots, e.g.:
        acme.com → acme-com
        acme.co.uk → acme-co-uk

  10. Edit Step 2

  11. Set up the claims required for Salto SAML integration

    1. user.mail email

    2. user.surname family_name

    3. user.givenname given_name

    4. The namespaces can be removed

      It is recommended to verify that the Users that are going to use Salto have valid values for these 3 fields

  12. Send back to Salto support:

    1. Download Certificate Base64

    2. Login and Logout URLs

  13. Salto support team will processes your request and notify you when it is ready

  14. Your SAML configuration for Salto is complete. You can start assigning users and groups to the application.

  15. For IDP-initiated SSO, after clicking Salto app in Entra ID "Apps Dashboard", you will be redirected to https://app.salto.io/

  16. For SP-initiated SSO, navigate to https://app.salto.io/login, and enter the your email address:

Troubleshooting

If you encounter any issue during the process, or a generic access denied message after authenticating through Microsoft Entra ID, consult with Salto support team (support@salto.io).

Please note, the Org Admin user in Salto must invite other users to the org, otherwise when new users log in via SSO they will not be able to access the Salto application.

See this article about inviting members for more information:

https://help.salto.io/en/articles/6845032-inviting-members

Did this answer your question?