SAML SSO Set Up
Microsoft Entra ID (Azure AD)
This guide walks your Microsoft Entra ID administrator through creating and configuring a SAML 2.0 Enterprise Application so your organization's users can sign in to SolidProfessor using Entra ID Single Sign-On.
Prepared by: SolidProfessor
Document Version: 1.0
Last Updated: February 2026

Table of Contents

  1. Create an Enterprise Application
  2. Enable SAML Single Sign-On
  3. Configure Basic SAML Settings
  4. Attributes & Claims
  5. Assign Users & Groups
  6. Send Metadata to SolidProfessor

Prerequisites

Before you begin:  Ensure you have received the SAML configuration values from SolidProfessor before starting this setup. These values are unique to your organization and are required to complete Section 3.

Overview

The setup consists of six steps that create a trust relationship between Microsoft Entra ID (your Identity Provider) and SolidProfessor (the Service Provider). At the end of this process, you will send SolidProfessor a Federation Metadata XML file so we can finalize the connection on our side.

Terminology:  Microsoft Entra ID was formerly known as Azure Active Directory (Azure AD). This guide uses the current name "Entra ID" throughout. If your admin portal still shows "Azure Active Directory," the steps are identical.

1 Create an Enterprise Application

In this section you will create a new Enterprise Application in Microsoft Entra ID for SolidProfessor.

  1. Sign in to the Microsoft Entra admin center at entra.microsoft.com with an account that has administrator privileges.
  2. In the left-hand navigation menu, expand Identity, then expand Applications, and click Enterprise applications.
  3. Click + New application at the top of the page.
  4. Click + Create your own application.
  5. Enter SolidProfessor as the application name.
  6. Select "Integrate any other application you don't find in the gallery (Non-gallery)".
  7. Click Create.
Checkpoint:  Your SolidProfessor Enterprise Application has been created. You should now be on the application's Overview page. The next step is to enable SAML authentication.
Note:  Unlike Okta (which lets you select SAML 2.0 at creation time), Entra ID requires you to first create the Enterprise Application and then configure SAML as the sign-on method in the next step.

2 Enable SAML Single Sign-On

  1. From the SolidProfessor application's Overview page, click Single sign-on in the left-hand menu under Manage.
  2. On the Select a single sign-on method page, click SAML.

You should now see the SAML-based Sign-on configuration page with numbered sections.

3 Configure Basic SAML Settings

This is where you tell Entra ID how to communicate with SolidProfessor.

  1. In the Basic SAML Configuration section (Section 1 on the page), click the Edit (pencil) icon.
  2. In the Identifier (Entity ID) field, enter the Entity ID provided by SolidProfessor:
    Value:  URN of the user pool in AWS Cognito
    This will be provided by SolidProfessor.
  3. In the Reply URL (Assertion Consumer Service URL) field, enter the ACS URL provided by SolidProfessor:
    Value:  Custom domain configured for your User Pool App Client, appended with /saml2/idpresponse
    This will be provided by SolidProfessor.
  4. Leave Sign on URL, Relay State, and Logout URL blank.
  5. Click Save at the top of the panel, then close the panel.
Why these values matter:  The Identifier (Entity ID) tells Entra ID which service provider it is communicating with. The Reply URL is where Entra ID sends the SAML assertion after a user authenticates. Both values point to the correct AWS Cognito instance that handles your organization's authentication.

4 Attributes & Claims

Attributes & Claims tell Entra ID which user profile fields to include in the SAML assertion so SolidProfessor can identify and provision users correctly. These are configured in Section 2 on the SAML configuration page.

Entra ID ships with three default claims that already match what SolidProfessor expects (emailaddress, givenname, and surname, each with the full http://schemas.xmlsoap.org/ws/2005/05/identity/claims/ namespace). You will leave those defaults in place and add six additional claims for the remaining user profile fields.

  1. In the Attributes & Claims section (Section 2 on the page), click the Edit (pencil) icon.
  2. You will see the three default claims under Additional claims (or Required claim). Do not delete or modify them.
  3. Click + Add new claim for each of the six attribute mappings listed under Required Attribute Mappings below.
  4. For each new claim:
    • Enter the full Name (claim URN) exactly as shown in the table.
    • Clear the Namespace field — leave it blank.
    • Set Source to Attribute.
    • Set Source attribute to the Entra ID attribute shown in the table.
    • Click Save.
Important:  You must clear the Namespace field for each new claim so the full URN you enter in the Name field is used verbatim. If Entra ID's default namespace is left populated, the claim names sent in the SAML assertion will be doubled-up (e.g., .../claims/.../claims/address) and SolidProfessor will not recognize them.

Required Attribute Mappings

Add each of the following six claims using the + Add new claim button. Remember to clear the Namespace field for each one so the full URN in the Name column is sent verbatim.

Name (Claim URN)                                                  Source Attribute (Entra ID)
----------------------------------------------------------------  ---------------------------
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/address      user.streetaddress
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality     user.city
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/state        user.state
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode   user.postalcode
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country      user.country
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/phonenumber  user.telephonenumber
Tip:  The Name values must be entered exactly as shown — full claim URNs, case-sensitive. The Source Attribute values reference standard Entra ID user profile fields. If your organization uses custom attributes, contact SolidProfessor for assistance.
Default claims:  The three SolidProfessor-required claims for email, first name, and last name already exist as Entra ID defaults: .../claims/emailaddress → user.mail, .../claims/givenname → user.givenname, and .../claims/surname → user.surname. Leave them in place — you only need to add the six claims above.
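
The following check is an added example, not part of SolidProfessor's guide or tooling: it reads a SAML response captured from a test sign-in and reports which of the nine claim names are missing and which were emitted with the namespace doubled, as described in the Important note above. The function names and the sample assertion are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# The three Entra ID defaults plus the six claims added in this guide.
EXPECTED = {NS + n for n in (
    "emailaddress", "givenname", "surname", "address", "locality",
    "state", "postalcode", "country", "phonenumber")}


def decode_saml_response(form_value):
    """Decode the base64 SAMLResponse form field posted to the Reply URL."""
    return base64.b64decode(form_value).decode("utf-8")


def check_claims(xml_text):
    """Return (missing, doubled) sets of claim names for one SAML response."""
    root = ET.fromstring(xml_text)
    sent = {a.get("Name") for a in root.iter(SAML + "Attribute") if a.get("Name")}
    # A namespace left populated is prepended to the full URN typed into
    # Name, so the claims namespace appears twice in the emitted name.
    doubled = {n for n in sent if n.count(NS) > 1}
    return EXPECTED - sent, doubled


# Constructed sample (not real output): "address" was saved with the
# Namespace field still populated, and "phonenumber" was never added.
SAMPLE_NAMES = [NS + n for n in (
    "emailaddress", "givenname", "surname", "locality",
    "state", "postalcode", "country")] + [NS + NS + "address"]
SAMPLE_ASSERTION = (
    '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><AttributeStatement>'
    + "".join(f'<Attribute Name="{n}"><AttributeValue>x</AttributeValue></Attribute>'
              for n in SAMPLE_NAMES)
    + "</AttributeStatement></Assertion>")

if __name__ == "__main__":
    missing, doubled = check_claims(SAMPLE_ASSERTION)
    print("missing:", sorted(missing))
    print("doubled:", sorted(doubled))
```

A claim that shows up as both doubled and missing needs its Namespace field cleared; one that is only missing was never added or has an empty source attribute for that user.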

5 Assign Users & Groups

Before users can sign in via SSO, they must be assigned to the SolidProfessor application in Entra ID. You can assign individual users or entire groups.

  1. In the SolidProfessor application, click Users and groups in the left-hand menu under Manage.
  2. Click + Add user/group.
  3. On the Add Assignment page, click None Selected under Users.
  4. Search for and select the users or groups who should have SSO access to SolidProfessor.
  5. Click Select, then click Assign.
Important:  Only users who are assigned to this application (directly or via a group) will be able to use SSO to access SolidProfessor. If a user is not assigned, they will receive an error when attempting to sign in.
Best practice:  We recommend assigning an Entra ID security group (e.g., "SolidProfessor Users") rather than individual users. This makes it easy to manage access as employees join or leave — simply add or remove them from the group.

6 Send Metadata to SolidProfessor

SolidProfessor needs your Identity Provider (IdP) metadata to complete the SSO configuration on our side. This metadata contains your Entra ID SSO endpoint, signing certificate, and entity ID.

  1. Navigate back to the Single sign-on page of your SolidProfessor application.
  2. Scroll down to Section 3: SAML Certificates.
  3. Find App Federation Metadata Url and click the copy icon next to it.
  4. Send this Metadata URL to your SolidProfessor contact.

Metadata — Alternatives

Alternative:  If you prefer to send a file instead of a URL, click Download next to Federation Metadata XML in the SAML Certificates section. Send the downloaded FederationMetadata.xml file to your SolidProfessor contact.
That's it!  Once SolidProfessor receives your metadata URL (or XML file), we will complete the configuration on our side and notify you when SSO is ready for testing.

Testing SSO

After SolidProfessor confirms the configuration is complete, test the SSO connection:

  1. Navigate back to the Single sign-on page of the SolidProfessor application in Entra ID.
  2. Scroll down to Section 5: Test single sign-on with SolidProfessor.
  3. Click Test.
  4. Select "Sign in as current user" or "Sign in as someone else" and enter the credentials of an assigned user.
  5. If successful, you will be redirected to SolidProfessor and signed in automatically.
Note:  Do not test until SolidProfessor confirms the configuration is complete on our side. Testing before that will result in an error.

Summary

Here is a quick reference of everything configured in this guide:

Setting                 Value
----------------------  -----------------------------------------------
Application Type        Enterprise Application (Non-gallery)
App Name                SolidProfessor
Single Sign-On Method   SAML
Identifier (Entity ID)  Provided by SolidProfessor
Reply URL (ACS URL)     Provided by SolidProfessor
Claim Namespace         Empty (cleared for all custom claims)
Custom Claims           6 added (plus 3 Entra defaults) — see Section 4

Troubleshooting

Users cannot sign in

SAML assertion errors

Claims not appearing in assertion

Need help?

Contact your SolidProfessor account representative for assistance with SSO configuration.