Skip to main content

Configure Single Sign-On in Microsoft Entra ID

This article describes how to configure single sign-on (SSO) in Microsoft Entra ID (formerly known as Azure Active Directory or Azure AD).


Brinqa recommends configuring secure access to your Brinqa Platform, a process that involves two steps:

  1. Build an allowlist, a select group of core users' external IP addresses, for local authentication. This helps to ensure that only authorized users can access the Brinqa Platform from trusted devices.

  2. Obtain the metadata XML file and send a copy to your Brinqa Customer Success Manager (CSM). The metadata file is necessary to enable SSO authentication in conjunction with Brinqa and ensures that users can access the Brinqa Platform securely.

The remainder of this article illustrates the steps to obtain the metadata XML file in Microsoft Entra ID.

Set up SSO in Microsoft Entra ID

You must enable SSO in Microsoft Entra ID and download the metadata XML file.


To configure SSO in Microsoft Entra ID, you need the following:

Create an enterprise application


The steps may vary based on the Microsoft portal you are on. Please consult Microsoft documentation for accuracy.

To add a new enterprise application for Brinqa, follow these steps:

  1. Log in to your organization's Microsoft portal as an Administrator.

  2. Navigate to Enterprise applications > All applications.

  3. Click Create your own application.

  4. Enter a name for the application, e.g.: "Brinqa".

  5. Under What are you looking to do in your application?, select the third option, Non-gallery, as shown in the screenshot:

    Azure AD new app screenshot

  6. Click Create.

Configure SSO in the enterprise application

To enable SSO for the enterprise application you've created for Brinqa, follow these steps:

  1. Log in to your organization's Microsoft portal as an Administrator.

  2. Navigate to the enterprise application you've created for Brinqa.

  3. In the left menu, click Single sign-on, and then click Set up single sign on.

  4. Under Basic SAML Configuration, click Edit to fill in the two required fields: Identifier and Reply URL.

    • Identifier: Enter https://<YourCompanyName>

    • Reply URL: Enter https://<YourCompanyName>

    where https://<YourCompanyName> is the URL to your Brinqa Platform.

  5. Under Attributes & Claims, keep the default settings.

  6. After saving your changes, the configuration might resemble this screenshot:

Azure AD SSO screenshot

  1. Under SAML Certificates > Federation Metadata XML, click Download to save the file.

  2. Email a copy of the metadata XML file to your Brinqa CSM.

    The metadata XML file contains information about your organization's SSO solution, such as SSO endpoints and public keys for signing and encrypting messages. Your Brinqa CSM uses this file to configure the connection between the Brinqa Platform (service provider) and Microsoft Entra ID (identity provider).

  3. After the SSO connection has been established, change the login method to SAML in your Brinqa Platform to ensure successful login for all users.


    Brinqa recommends retaining a System administrator account in the Brinqa authentication method, which is to log in with a username and password, for troubleshooting and verification purposes.