Setup SSO with Microsoft Entra ID using SAML in OneID

This article describes how to configure Microsoft Entra ID to enable single sign-on with OneID. For more information about SSO in OneID, see Configure single sign-on for OneID.

Step 1: Add the Zuora OneID application to Microsoft Entra ID

To add the Zuora OneID application to Microsoft Entra ID, perform the following steps:

  1. Log in to Microsoft Entra ID as an administrator.
  2. Go to the Enterprise Applications tab and click New Application.
  3. Click Create your own application and enter a name for the app.
  4. Select Integrate any other application you don’t find in the gallery (Non-gallery) and click Create.
  5. Select SAML 2.0 as the sign-in method in the dialog box and click Next.
  6. Click Single sign-on and select SAML as the sign-in method.
  7. Click Edit in Basic SAML Configuration and configure the following SAML settings:
    • Identifier (Entity ID): Enter the entity ID of the Zuora OneID application: https://one.zuora.com/saml/metadata
    • Reply URL (Assertion Consumer Service URL): Enter the Assertion Consumer Service (ACS) endpoint where the Zuora OneID application receives the SAML assertion: https://one.zuora.com/saml/SSO
    • Leave other fields at their default values.
  8. Click Edit in Attributes & Claims, remove all the additional claims, and configure the Unique User Identifier (Name ID) as follows:
    • Set Name Identifier format as Email address
    • Set Source as Attribute
    • Change Source attribute to user.mail
  9. Click Save.

For more information, see Create SAML app integrations.

Step 2: Obtain Microsoft Entra ID IDP metadata URL

Zuora OneID retrieves the identity provider metadata from Microsoft Entra ID through a metadata URL that is specific to your Entra ID application. To obtain this URL and provide it to the Zuora OneID application, perform the following steps:

  1. Log in to Microsoft Entra ID and navigate to the Enterprise Applications tab.
  2. Click the application added for Zuora OneID SSO.
  3. Click the Single Sign On tab.
  4. In the SAML Signing Certificates section, copy the App Federation Metadata URL.
  5. Navigate to Settings in Zuora OneID and click Manage SSO Settings.
  6. Paste the App Federation Metadata URL to enable the SSO.

Step 3: Assign the Zuora OneID application to Microsoft Entra ID users

  1. Log in to Microsoft Entra ID and navigate to the Enterprise Applications tab.
  2. Click the application added for Zuora OneID SSO.
  3. Click the Users and Groups tab.
  4. Click Add User/Group.
  5. Find the person to whom you want to assign the Zuora OneID application and click Select.
  6. Verify the user name and click Assign.
  7. Repeat steps 5 and 6 to assign all the users you want to the Zuora OneID application.

For more information, see Assign app integrations.