How to Set Up Microsoft Azure SAML SSO

👋 To configure SSO with Factorial, the person responsible for the SSO connection at the client company must provide Factorial with a metadata file.

👀 You will have to replace “CompanyName” in the Sign on URL with the value that refers to your company. The correct value can be found in the Factorial part of this guide.

In Azure Portal:

  • Click on Enterprise Applications
  • Click on New application

  • Click on Create your own application, enter Factorial SAML as the name, and select Integrate any other application you don't find in the gallery (Non-gallery).

  • Go to Single sign-on and create a SAML provider

  • Update the configuration fields according to this:

    **Identifier (Entity ID)**: 
    urn:amazon:cognito:sp:eu-central-1_Y8iEmyaEp

    **Reply URL (Assertion Consumer Service URL)**:
    <https://factorial-production.auth.eu-central-1.amazoncognito.com/saml2/idpresponse>

    **Sign on URL (Remember to update your [CompanyName](<https://www.notion.so/How-do-I-add-a-SAML-provider-with-Azure-f5ab18de90d849a89c5ef738c619aed5>) on this one)**:
    <https://factorial-production.auth.eu-central-1.amazoncognito.com/oauth2/authorize?identity_provider=**CompanyName**&redirect_uri=https://api.factorialhr.com/cognito/oauth&response_type=CODE&client_id=53avjrh4f9bre669tbhbeo03gn&scope=email%20openid%20profile%20aws.cognito.signin.user.admin>

    **Logout URL**:
    <https://factorial-production.auth.eu-central-1.amazoncognito.com/saml2/logout>

    **User Attributes & Claims**:

    | Claim name | Value |
    |---|---|
    | givenname | user.givenname |
    | surname | user.surname |
    | name | user.displayname |
    | emailaddress | user.userprincipalname |
    | Unique User Identifier | user.userprincipalname |

  • Download the “Federation Metadata XML” from the third step and keep it in hand for the next steps.

  • Go to "Users and groups" inside the Azure application and click "Add user/group" and add selected users or groups. These will be the users that will be able to log in via SAML SSO.

In Factorial:

  • Go to the Company settings in Factorial and click on Set-up SAML SSO in the Single Sign-On section. (We need to activate this feature for you first; please reach out if you need this functionality.)

  • In the first step of the configuration, add your company's domain. Add only the domain: for example, for hello@factorialhr.com you would enter only factorialhr.com. If your company has multiple domains, add them here as well.

  • Finally, in the next step, drag and drop (or select on your computer) the downloaded Federation Metadata XML file into the documents zone. After this, click on the Save configuration button and the SAML SSO should be activated.

👇 Here you can find the CompanyName associated with the SAML configuration in Azure Portal.