How to Integrate SAML with Microsoft Entra (Azure ID)

Article author
Learning Center Mekari

A. Creating an App Integration

To enable SAML integration, you need to create a new App integration through the Microsoft Entra admin centre. Here are the steps for a new App integration in Microsoft Entra:

  1. Visit the Microsoft Entra admin centre and select the Enterprise applications tab.
  2. Then click the "New Application" tab.
  3. Search for "SAML Toolkit" in the application search field and click "SAML Toolkit" on the search results page.
  4. A popup will appear. In the Name field, you can update the name to match the Mekari product you are using, for example "Talenta". Then click "Create" to create the App integration, and you will be directed to the application page.

B. SAML Configuration Process

Before setting up SAML integration in Microsoft Entra, you need to send the SAML configuration data to the Mekari specialist/activation team so that they can process the integration settings in Mekari Account. Here are the steps:

  1. Go to the Single sign-on tab.
  2. Then select SAML.
  3. Scroll down the page and click "Download" in the Federation Metadata XML section to get the XML file, which has the same name as your application. After that, send the XML file to the Mekari specialist/activation team who is assisting you in this integration process.

C. Integration of Mekari Account with Microsoft Entra (Azure ID)

Once you get the configuration data, you can proceed to the integration stage between Mekari Account and Microsoft Entra. Here are the steps:

  1. The email you received contains the basic SAML configuration details: the Entity ID and the ACS URL. Fill in the Identifier (Entity ID) field with the Entity ID value from the email, and the Reply URL (Assertion Consumer Service URL) field with the ACS URL value from the email. In the Sign on URL field, enter https://account.mekari.com/users/sign_in.

    Currently Mekari Account does not support Relay State and Logout Url, so you can leave both fields blank.

  2. In the Attributes & Claims section, make sure that the Unique User Identifier field points to a user attribute whose value is the same as the email address you entered when inviting the user to the Mekari product.
    For example, the attribute "user.userprincipalname" points to the user's email address that is also used in Talenta.
  3. After completing the integration setup, you can confirm whether the integration process has run well or not.