How do I set up SAML SSO with Microsoft?


In this article, you will get a step-by-step guide to setting up SAML SSO, provided you are using Microsoft as your identity provider. If you are looking for instructions on setting up the SSO login at sipgate, you can find them here.

1. Open identity section

In the first step, log in to your Microsoft account as an admin and select Show all --> Identity in the right-hand menu.

2. Create application

In the Entra Admin Center, go to the right-hand menu, select Applications and then click on Create your own application.


After a new window has opened on the right-hand side, you can enter any name; it should include sipgate. The remaining settings can be left at their defaults. Finally, click Create.

3. Select SSO method

The sipgate application was created successfully. You can find it under Applications --> Overview. In the next step, go to Set up SSO.


Under Select SSO method, click SAML.

4. Import IdP data

In the following step, you will receive an overview of the setup steps as well as all the required data for configuring the SSO setup at sipgate. This data includes the SSO URL, the Entity ID and the Certificate.

To transfer this data to your sipgate account, go to point 4, Set up sipgate, in the overview and copy the following information: the Login URL (SSO URL) and the Azure AD identifier (Entity ID).

5. Enter certificate

In point 3, SAML certificates, proceed as follows: Click on Edit and select SAML signing certificate. Then open the certificate's context menu and download the Base64 certificate.


Open the certificate (the file with the extension '.cer') with the default text editor. Copy the certificate text from the editor and paste it into sipgate under Certificate.

6. Enter SP data

Go to point 1 Basic SAML configuration and click on Edit. Enter the following data from the SSO area in sipgate (service provider data): Entity-Id --> Entity ID and ACS URL --> Reply URL (Assertion Consumer Service URL) and click on Save.

7. Assign users

In the next step, go to the left-hand navigation menu and select Users and groups --> Add user/group.


To select specific users or groups for SSO use, click None selected under Users and groups.


Here you have the option to select the groups or users for your SSO application.


In the final step, click on Assign.

8. Enable SSO at sipgate

Once you have successfully completed these steps, the interface between sipgate and Microsoft should be set up. You can then activate the SSO login via the toggle in sipgate.


Errors and solutions

Error message: "An error has occurred. Please try again. Back to login."

Cause: The sipgate web user with Microsoft SSO was deleted and created as a new sipgate web user. In the Microsoft SSO database, the old sipgate web user is still linked.

Workaround: Ask sipgate support to delete the Microsoft SSO entry so that the next Microsoft SSO login works.

Solution: We are working on a solution so that when a sipgate web user is deleted, the Microsoft SSO deletion is also carried out.

Error: SSO login does not work with the error “AADSTS750054: SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding.”

Cause: unknown

Suggested solution: Open sipgate.de in the browser (e.g. Chrome), press F12 and switch to the Network tab, then log in to sipgate via SSO. In the Network tab, look for the POST request to our ACS URL (contains sipgate-sso- and the customer number) and send us the SAMLResponse from that request via sipgate support.
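To pre-check a SAMLResponse captured from the POST request to the ACS URL, the following added example (not sipgate's or Microsoft's code) decodes the form field and compares its Issuer, Audience, Destination and status with the Entity IDs and ACS URL from steps 4 and 6. The function names are hypothetical, every URL and the NameID in the sample are constructed placeholders, and the signature is not verified.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def summarize_saml_response(form_value):
    """Decode a SAMLResponse POST field. Diagnostic only: no signature check."""
    # The Network tab may show the field still URL-encoded (%2B, %3D); undo that first.
    raw = base64.b64decode(urllib.parse.unquote(form_value))
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD or entity declaration found; not a plain SAML response")
    root = ET.fromstring(raw)
    def text(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else None
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    return {"destination": root.get("Destination"),
            "issuer": text("saml:Issuer"),
            "status": status.get("Value") if status is not None else None,
            "audience": text(".//saml:Audience"),
            "name_id": text(".//saml:NameID")}

def find_mismatches(summary, idp_entity_id, sp_entity_id, acs_url):
    """Compare the response with the values entered in steps 4 and 6."""
    expected = {"status": SUCCESS, "issuer": idp_entity_id,
                "audience": sp_entity_id, "destination": acs_url}
    return [f"{field}: expected {want!r}, got {summary[field]!r}"
            for field, want in expected.items() if summary[field] != want]

# Constructed sample response; every URL and the NameID are placeholders.
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="https://sp.example/acs">
  <saml:Issuer>https://idp.example/entity</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example/entity</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_FIELD = urllib.parse.quote(base64.b64encode(SAMPLE_XML.encode()).decode(), safe="")

if __name__ == "__main__":
    # A wrong ACS URL on purpose, to show what a mismatch report looks like.
    print(find_mismatches(summarize_saml_response(SAMPLE_FIELD), "https://idp.example/entity",
                          "https://sp.example/entity", "https://sp.example/wrong-acs"))
```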
