Articles

Security

Single Sign On (SSO)

Azure AD SSO Configuration Guide


## Prerequisites

Ensure you have read the [SSO Setup Overview article](/_docs/security/sso/setting-up-sso.mdx) to ensure you have configured the baseline and prepared for your IDP SSO connection.

## Configuration Steps

### Create a new application in Azure AD.

1. Navigate to Active Directory and select _Enterprise Applications_ from the menu.

2. Select the option to _Add a New Application_

   ![Add a new Azure AD application](/public/docs/2022-10-03_AzureAD_New_SAML_App.png)

3. Choose _Create your own application_.

   ![Select option to create new app](/public/docs/2022-10-03_AzureAD_create_own_app.png)

4. Add a name to help you remember the application (ex: `transcend-sso`).

5. Select _Set up Single sign-on_ and choose `SAML` as the SSO mode.

   ![Set up SSO settings for Azure AD App](/public/docs/2022-10-03_AzureAD_SSO_config_app.png)

6. In the _Basic SAML Configuration Settings_, enter the following information:

   - Identifier (Entity ID): `transcend`. Note - this must be an exact match, Transcend is looking for this string.
   - Reply URL (Assertion Consumer Service URL): `https://api.transcend.io/saml` for the EU backend, or `https://api.us.transcend.io/saml` for the US backend
   - Sign on URL : `https://app.transcend.io/login`
   - Relay State (Optional): _leave empty_
   - Logout URL (Optional): _leave empty_

   ![AzureAd App SAML config example](/public/docs/10-03-2022_AzureAD_SAML_app_config.png)

7. In the _Attributes & Claims_, create the following two claims:

   - firstName: `user.givenname`
   - lastName: `user.surname`

   ![Azure Sso Claims](/public/docs/2025-04-18-azure-sso-claims.png)

   _Transcend uses these claims to set names for users. Without them, users will be created with blank names._

### Obtain the Credentials & Certificate for the Application

Once the Transcend application is set up in Active Directory, obtain the credentials and certificate to enter in the Transcend Admin Dashboard SSO settings.

1. In Transcend SSO Settings, enter `transcend` for _Identity Provider Issuer_. The value entered here must match `transcend` exactly.
2. Under the _SAML Certificates_ section, download the X.509 Certificate by selecting the download option for _Certificate (Base64)_. Copy this value to Transcend.
3. Copy the login URL from Active Directory into Transcend. It should look similar to `https://login.microsoftonline.com/{{uuid}}/saml2`.

### Configure Groups & Users in AD

Configure the groups and users who should have access to Transcend in Active Directory by navigating to the newly created Transcend app and selecting _Users & Groups_. Note that it may be worth creating a new group of users who should have access to Transcend.


Obtain the Credentials & Certificate for the Application