
Configuring Single Sign-on (SSO) for Microsoft Entra ID

Single Sign-On (SSO) enables ALTR administrators to sign into the ALTR platform without having to remember a separate username, password and two-factor authentication method. Follow the steps below to set up SSO with Entra.

Note

Microsoft Entra ID was formerly known as Azure Active Directory (AD).

Prerequisites for Configuring SSO

When enabling SSO, make sure you have:

  • Administrator access to your identity provider.

  • An ALTR Enterprise account. SSO is not available for free-tier ALTR customers. For more information, see ALTR's pricing page.

  • Superadministrator access to your ALTR account. If you are unsure what your role is within ALTR, refer to Administrators for more information.

Instructions for Configuring SSO with Microsoft Entra ID

Entra and ALTR are configured to match on UserPrincipalName and Username by default. However, SSO can be configured to match on another field, such as email. For help on customizing the identifier used in SSO, contact ALTR Support.

To configure SSO with Entra:

  1. Sign into Entra as an Administrator.

  2. Select Add > Enterprise application to create a new Entra Enterprise Application.

  3. Click Create your own application. Assign a name to your application (e.g., "ALTR") and select the Non-Gallery application option.

  4. Once the application is created, navigate to its Overview page. Select Set up single sign-on.

  5. Select SAML from the list of single sign-on methods.

  6. Sign into your ALTR account. Select Settings > Preference in the Navigation menu. Click the SSO/SCIM tab. Click the Download button.

  7. Once the file is downloaded, go back to Entra and click Upload metadata file. Upload the file downloaded from ALTR. Click Add.

  8. Provision your ALTR administrators to your Entra application.

    1. In Entra, navigate to your ALTR Enterprise Application.

    2. Navigate to the Users and Groups section.

    3. Search for and select your user.

    4. Identify your UserPrincipalName.

    5. In ALTR, select Settings > Administrators in the Navigation menu.

    6. Ensure that your ALTR Username exactly matches your UserPrincipalName in Entra. This match is case sensitive. If your Username in ALTR does not exactly match your Entra UserPrincipalName, you will not be able to sign into ALTR.

    Notice

    If your ALTR Username does not exactly match your Entra UserPrincipalName, you have two options:

    • Create a new ALTR account using the correct Username.

    • Override the UserPrincipalName in Entra for this integration. When assigning the user, copy your Username from ALTR and paste it into the UserPrincipalName field in Entra. This override only affects your login for ALTR; it does not change any of your other tools.

  9. Navigate to the SAML Certificates section in Entra. Click the Copy to clipboard icon in the App Federation Metadata Url field. Paste this URL in the Provider URL field in ALTR.

  10. Navigate back to ALTR. Select Azure Active Directory. Click Enable SSO.

    Notice

    Do not close your window or sign out of ALTR yet.

  11. Once ALTR has successfully configured SSO, keep your current window open, open an incognito window or a different browser, and sign into your ALTR account. Do not sign out of ALTR on your main window until you have confirmed you can sign into ALTR on the second window.

    Note

    If you are unable to log into the second window, create a new Administrator account in ALTR with a Username that exactly matches (it is case sensitive) your unique identifier in your identity provider (IdP). For Entra, this is typically your UserPrincipalName.
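
The exact, case-sensitive match required in step 8 can be checked before clicking Enable SSO. The following is an added example, not ALTR or Microsoft code: it compares a list of ALTR Usernames against the UserPrincipalNames assigned to the Entra application and names the reason for each mismatch. The sample accounts and function names are constructed, and it assumes both lists were copied out by hand from the two consoles.

```python
import unicodedata

# Constructed sample data (assumption): in practice, copy Usernames from
# ALTR's Administrators page and UPNs from the Entra app's Users and groups.
ALTR_USERNAMES = ["alice@example.com", "Bob@example.com",
                  "carol@example.com ", "dave@example.com"]
ENTRA_UPNS = ["alice@example.com", "bob@example.com",
              "carol@example.com", "erin@example.com"]

def _nfkc(s):
    return unicodedata.normalize("NFKC", s.strip())

# Relaxations tried in order; the first one that makes two strings equal
# names the defect that breaks the exact, case-sensitive match.
RELAXATIONS = [
    ("whitespace", str.strip),
    ("unicode", _nfkc),
    ("case", lambda s: _nfkc(s).casefold()),
]

def classify(altr_username, entra_upns):
    """Return (status, closest UPN or None) for one ALTR Username."""
    if altr_username in entra_upns:
        return "exact", altr_username
    for status, relax in RELAXATIONS:
        for upn in entra_upns:
            if relax(upn) == relax(altr_username):
                return status, upn
    return "missing", None

def preflight(altr_usernames, entra_upns):
    """Classify every ALTR Username against the assigned Entra UPNs."""
    return {name: classify(name, entra_upns) for name in altr_usernames}

def safe_to_enable(report, enabling_admin):
    """True only if the admin about to click Enable SSO matches exactly."""
    return report.get(enabling_admin, ("missing", None))[0] == "exact"

if __name__ == "__main__":
    report = preflight(ALTR_USERNAMES, ENTRA_UPNS)
    for name, (status, upn) in report.items():
        print(f"{name!r:28} {status:10} {upn!r}")
    print("safe for alice:", safe_to_enable(report, "alice@example.com"))
```

Any status other than `exact` for the administrator performing the change means the second-window sign-in test in step 11 would fail for that account.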