Enabling SSO for myEAS/EAS with Microsoft Entra ID - SAML

Use Microsoft Entra ID to enable Single Sign-On (SSO) for myEAS/EAS with the SAML (Security Assertion Markup Language) protocol. With this setup, your users sign in through Microsoft Entra ID and get secure, seamless access to myEAS/EAS without separate credentials.

This configuration establishes trust between Microsoft Entra ID (Identity Provider) and Retarus (Service Provider).

Prerequisites

  • You have administrator access to the Microsoft Entra admin center.

  • Each user’s email address attribute is available in your directory. SSO uses the mail attribute to authenticate users.

Configuring SAML SSO

Creating a new enterprise application

  1. Sign in to the Azure portal and go to Entra ID > Enterprise applications > All applications.

  2. Select New application.
    → The Browse Microsoft Entra App Gallery page opens.

  3. Click Create your own application.
    → The Create your own application panel opens.

  4. Enter a name for the application (for example, myEAS SSO) and activate the Integrate any other application you don’t find in the gallery (Non-gallery) option.

  5. Click Create.

Assigning users and groups

  1. From the left app menu, select Users and groups.

  2. Click Add user/group and define the users or groups who should have access to EAS/myEAS.

Configuring SAML-based SSO

  1. From the left app menu, select Single sign-on and choose SAML.
    → The SSO configuration page opens.

  2. In the SAML Signing Certificate section, copy the App Federation Metadata Url.

  3. Send the URL to your Retarus Implementation Engineer.
    → Retarus completes the backend configuration and provides you with a Metadata XML document.

  4. Import the Metadata XML document into your SAML configuration to complete the integration.
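
A pre-import check for the last step, as an added example (not Retarus or Microsoft code): it parses the Service Provider metadata XML and lists the entityID and AssertionConsumerService URL, the values Entra ID takes as Identifier and Reply URL, so you can confirm them before uploading. The sample document, its example.invalid URLs, the function name and the emailAddress NameID check (derived from the mail-attribute prerequisite) are assumptions.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample; entityID and URLs are placeholders, not real Retarus values.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def review_sp_metadata(xml_text):
    """Return (summary, findings) for a SAML Service Provider metadata document."""
    # SAML metadata never needs a DTD; refuse it before the parser expands entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not Service Provider metadata")
    acs = [(a.get("Binding"), a.get("Location"))
           for a in sp.findall(MD + "AssertionConsumerService")]
    formats = [n.text.strip() for n in sp.findall(MD + "NameIDFormat") if n.text]
    summary = {"entity_id": root.get("entityID"),          # becomes Identifier
               "reply_urls": [loc for _, loc in acs],      # become Reply URL(s)
               "name_id_formats": formats}
    findings = []
    if not summary["entity_id"]:
        findings.append("missing entityID (Identifier)")
    if not acs:
        findings.append("no AssertionConsumerService (Reply URL)")
    for binding, loc in acs:
        if not (loc or "").startswith("https://"):
            findings.append(f"Reply URL is not HTTPS: {loc}")
        if binding != POST:
            findings.append(f"unexpected ACS binding: {binding}")
    if formats and EMAIL not in formats:  # assumption: NameID carries the mail attribute
        findings.append("emailAddress NameID format not listed; check the NameID claim")
    return summary, findings
```

Compare the reported entity_id and reply_urls with what your Retarus Implementation Engineer communicated; an empty findings list only means the document is structurally plausible.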