Overview
Identity providers (IdPs) are used to manage digital identities within an organization. Microsoft Entra ID (formerly Azure Active Directory / Azure AD) is a popular IdP that provides secure user authentication services and single sign-on (SSO) to SaaS applications like TraceGains. To provide SSO services, TraceGains acts as a service provider (SP) through the Security Assertion Markup Language (SAML) standard.
Azure AD is now part of Microsoft Entra ID. All portal references have been updated accordingly.
This article covers the steps needed to configure Microsoft Entra ID as an SSO provider for TraceGains. When done correctly, users will be able to log in to TraceGains using their Entra ID credentials.
Prerequisites
- Microsoft Entra ID tenant with an active Azure AD Premium membership
- Administrator-level access to TraceGains with appropriate permissions
- Global Admin or Cloud Application Administrator access to Microsoft Entra ID
Features
TraceGains supports:
- Single Sign-On
- Single Logout
- JIT provisioning
PART 1: Enable SAML SSO within TraceGains
Before setting up your enterprise application in Microsoft Entra ID, you must first configure your TraceGains account to authenticate through SAML. This section prepares the TraceGains environment so you can later collect and apply information from Entra ID.
Step 1: Log in to your TraceGains site. Hover over the Configuration Icon and select Single Sign-On.
Step 2: Click New Custom.
Step 3: Type a Description for the IdP-Initiated SSO, for example: ‘Microsoft Entra ID’.
Keep your TraceGains SSO window open. Then open a new browser tab for Microsoft Entra ID
Part 2: Create a New Application for SSO in MicroSoft Entra ID
Step 1: Log into your Microsoft Entra ID Account. Then click on Microsoft Entra ID.
Step 2: Scroll down to click Add Enterprise Application.
Step 3: Click + Create your own application.
Step 4: Type in a relevant name such as TraceGains in the field for 'What's the name of your app?'
Step 5: Select 'Integrate any other application you don't find in the gallery (Non-gallery).'
Step 6: Click Create.
Step 7: From the Overview page, select Set up single sign on.
Step 8: From the Single Sign-On page, select SAML as the SSO method.
Step 9: From 1 - Basic SAML Configuration, click the edit pencil icon.
Step 10: Return to your first browser tab with the TraceGains SSO configuration.
Use the values displayed in the TraceGains IdP-Initiated SSO Configuration section to copy & paste into the Microsoft Entra ID fields as follows:
|
TraceGains Field (copy value contained) |
Entra ID Field (paste in corresponding field) |
| SSO ACS (Consumer) URL | Identifier (Entity ID) |
| SSO ACS (Consumer) URL | Reply URL (Assertion Consumer Service URL) |
| Single Logout URL | Logout URL (optional) |
Reply URL = TraceGains ACS URL.
Step 11: After all of the information has been added to Entra ID, click Save.
Step 12: Now continue to Part 3: Back to Enable SAML SSO within TraceGains.
Part 3: Complete SAML Configuration in TraceGains
Step 1: In Microsoft Entra ID, click Single Sign-On. This page provides the certification information you need.
Step 2: Use the chart below to copy values from Entra ID into TraceGains:
|
Entra ID (copy value contained) |
TraceGains (paste in corresponding field) |
| Login URL | SSO Endpoint (HTTP) |
| Entra ID Identifier (SAML Entity ID) | Issuer ID or URL |
| Logout URL (optional) | SLO Endpoint (HTTP) |
Step 3: Download the Certificate (Base64) in Entra ID and copy the content into a Word document.
Step 4: Paste the copied content in the X.509 Certificate (Base-64 encoded) field in TraceGains.
Step 5: Once all of the information is entered, click Save.
Step 6: Click on Properties.
Step 7: For 'Assignment Required?' to:
Yes – Restricts access to assigned users/groups.
No – All users can access (less restrictive)
Final Checklist
Before testing SSO, verify the following:
✔ Reply URL (ACS URL) and Entity ID exactly match the values from TraceGains
✔ Certificate (Base64) uploaded and valid
✔ Users assigned or Assignment Required set correctly
✔ Test login is successful
For general information and troubleshooting, as well as an explanation of JIT (Just-in-Time provisioning), please read our SSO Overview article.