Configure Microsoft Entra ID SSO

Overview

Identity providers (IdPs) are used to manage digital identities within an organization. Microsoft Entra ID (formerly Azure Active Directory / Azure AD) is a popular IdP that provides secure user authentication services and single sign-on (SSO) to SaaS applications like TraceGains. To provide SSO services, TraceGains acts as a service provider (SP) through the Security Assertion Markup Language (SAML) standard.

Azure AD is now part of Microsoft Entra ID. All portal references have been updated accordingly.

This article covers the steps needed to configure Microsoft Entra ID as an SSO provider for TraceGains. When done correctly, users will be able to log in to TraceGains using their Entra ID credentials.

Prerequisites

  • Microsoft Entra ID tenant with an active Azure AD Premium membership
  • Administrator-level access to TraceGains with appropriate permissions
  • Global Admin or Cloud Application Administrator access to Microsoft Entra ID

Features

TraceGains supports:

  • Single Sign-On
  • Single Logout
  • JIT provisioning

PART 1: Enable SAML SSO within TraceGains

Before setting up your enterprise application in Microsoft Entra ID, you must first configure your TraceGains account to authenticate through SAML. This section prepares the TraceGains environment so you can later collect and apply information from Entra ID.

Step 1: Log in to your TraceGains site. Hover over the Configuration Icon and select Single Sign-On.

Step 2: Click New Custom.

TG steps 1-2.png

Step 3: Type a Description for the IdP-Initiated SSO, for example: ‘Microsoft Entra ID’.

entra 3.png

Keep your TraceGains SSO window open. Then open a new browser tab for Microsoft Entra ID

Part 2: Create a New Application for SSO in MicroSoft Entra ID

Step 1: Log into your Microsoft Entra ID Account. Then click on Microsoft Entra ID.

AZ1.png

Step 2: Scroll down to click Add Enterprise Application. 

AZ2.png

Step 3: Click + Create your own application.

Step 4: Type in a relevant name such as TraceGains in the field for 'What's the name of your app?'

Step 5: Select 'Integrate any other application you don't find in the gallery (Non-gallery).'

Step 6: Click Create.

entra 3-6.png

Step 7: From the Overview page, select Set up single sign on.

entra 7.png

Step 8: From the Single Sign-On page, select SAML as the SSO method.

entra 8.png

Step 9: From 1 - Basic SAML Configuration, click the edit pencil icon.

entra 9.png

Step 10: Return to your first browser tab with the TraceGains SSO configuration.
Use the values displayed in the TraceGains IdP-Initiated SSO Configuration section to copy & paste into the Microsoft Entra ID fields as follows:

TraceGains Field  

(copy value contained)

Entra ID Field 

(paste in corresponding field)

SSO ACS (Consumer) URL Identifier (Entity ID)
SSO ACS (Consumer) URL Reply URL (Assertion Consumer Service URL)
Single Logout URL  Logout URL (optional)

Reply URL = TraceGains ACS URL.

Entra 10.png

Step 11: After all of the information has been added to Entra ID, click Save.

Step 12: Now continue to Part 3: Back to Enable SAML SSO within TraceGains.

Keep the Entra ID site open as you move forward in order to continue copying & pasting values into your TraceGains SAML SSO.

Part 3: Complete SAML Configuration in TraceGains

Step 1: In Microsoft Entra ID, click Single Sign-On. This page provides the certification information you need.

Step 2: Use the chart below to copy values from Entra ID into TraceGains:

Entra ID 

(copy value contained)

TraceGains 

(paste in corresponding field)

Login URL SSO Endpoint (HTTP)
Entra ID Identifier (SAML Entity ID) Issuer ID or URL
Logout URL (optional) SLO Endpoint (HTTP)
TG step 2.png

Step 3: Download the Certificate (Base64) in Entra ID and copy the content into a Word document

Step 4: Paste the copied content in the X.509 Certificate (Base-64 encoded) field in TraceGains.

Step 5: Once all of the information is entered, click Save.

step 3.png

Step 6: Click on Properties

Step 7: For 'Assignment Required?' to:

  • Yes – Restricts access to assigned users/groups.

  • No – All users can access (less restrictive)

MS Entra 12.png

Final Checklist

Before testing SSO, verify the following:

Reply URL (ACS URL) and Entity ID exactly match the values from TraceGains
✔ Certificate (Base64) uploaded and valid
✔ Users assigned or Assignment Required set correctly
✔ Test login is successful

For general information and troubleshooting, as well as an explanation of JIT (Just-in-Time provisioning), please read our SSO Overview article.

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request