
Enabling SSO for myEAS/EAS with Microsoft Entra ID (SAML)

Use Microsoft Entra ID (formerly Azure Active Directory) to enable Single Sign-On (SSO) for myEAS/EAS with the SAML (Security Assertion Markup Language) protocol. With this setup, your users sign in through Microsoft Entra ID and get secure, seamless access to myEAS/EAS without separate credentials.

This configuration establishes trust between Microsoft Entra ID (Identity Provider) and Retarus (Service Provider).

Prerequisites

  • You have administrator access to the Microsoft Entra admin center.

  • Each user’s email address attribute is available in your directory. SSO uses the mail attribute to authenticate users.

Configuring SAML SSO

Creating a new enterprise application

  1. Sign in to the Azure portal and go to Entra ID - Enterprise applications - All applications.

  2. Select New application.

    → The Browse Microsoft Entra App Gallery page opens.

  3. Click Create your own application.
    → The Create your own application panel opens.

  4. Enter a name for the application (for example, myEAS SSO) and activate the Integrate any other application you don’t find in the gallery (Non-gallery) option.

  5. Click Create.

Assigning users and groups

  1. From the left app menu, select Users and groups.

  2. Click Add user/group and define the users or groups who should have access to EAS/myEAS.

Configuring SAML-based SSO

  1. From the left app menu, select Single sign-on and choose SAML.

    → The SSO configuration page opens.

  2. In the Basic SAML Configuration section, click Edit and fill in the following fields:

    Setting | Value
    Identifier (Entity ID) | https://am.retarus.com
    Reply URL (Assertion Consumer Service URL) | https://am.retarus.com:443/openam/Consumer/metaAlias/sp

  3. Save the configuration.

Configuring user attributes and claims

Retarus requires that Microsoft Entra ID sends the user’s email address in a SAML attribute named mail. This attribute is used to identify and authenticate users.

  1. In the Attributes & Claims section, click Edit.

  2. Locate the default email claim with the following name:
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

  3. Rename this claim to mail.

    This ensures that the user’s email address is correctly transmitted to Retarus during authentication.

  4. Save the changes.
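
The following check is an added example, not part of the Retarus documentation. It inspects a base64-decoded SAML response captured from a test sign-in and reports whether the Reply URL, Entity ID and mail claim settings above took effect; the function names and the sample response are constructed for illustration, and the script does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values taken from this page's Basic SAML Configuration and claims steps.
ENTITY_ID = "https://am.retarus.com"
ACS_URL = "https://am.retarus.com:443/openam/Consumer/metaAlias/sp"
DEFAULT_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def check_response(xml_text):
    """Return a list of configuration problems in a decoded SAML response.

    Configuration check only: the XML signature is not verified here.
    """
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination does not match the Reply URL")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not match the Identifier (Entity ID)")
    # Map each attribute name to its list of values.
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall(".//saml:Attribute", NS)}
    if not any(attrs.get("mail", [])):
        if DEFAULT_CLAIM in attrs:
            problems.append("email claim still has its default name; rename it to mail")
        else:
            problems.append("no non-empty mail attribute in the assertion")
    return problems

def sample_response(claim_name):
    # Constructed sample (unsigned, trimmed) shaped like a SAML 2.0 response.
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  Destination="{ACS_URL}">
 <saml:Assertion>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>{ENTITY_ID}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="{claim_name}">
    <saml:AttributeValue>user@example.com</saml:AttributeValue>
   </saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for name in ("mail", DEFAULT_CLAIM):
        print(name, "->", check_response(sample_response(name)) or "OK")
```
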

Providing SAML certificate metadata to Retarus

  1. In the SAML Certificates section, locate and download the Federation Metadata XML file.

  2. Send the file to your Retarus Implementation Engineer to complete the SSO integration.

Retarus Service Provider metadata

For advanced or custom SAML integrations, Retarus provides official Service Provider (SP) metadata describing its SAML configuration.

You can download it here: https://am.retarus.com/openam/saml2/jsp/exportmetadata.jsp?entityid=https://am.retarus.com.
