SSO Login via Microsoft Entra ID

Overview

Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's comprehensive cloud-based identity and access management service. This integration enables seamless Single Sign-On (SSO) authentication for Middleware, allowing your organization to centralize user authentication and access control. With Microsoft Entra ID SSO, users can access Middleware using their existing Microsoft 365 or Azure AD credentials, eliminating the need for separate login credentials while maintaining enterprise-grade security and compliance standards.

Integrating with Microsoft Entra ID provides:

  • Single Sign-On (SSO) authentication using Microsoft Entra ID credentials
  • Compliance with enterprise security policies and audit requirements
  • Seamless integration with the existing Microsoft ecosystem and workflows

Configuration

Prerequisites

To configure SSO, you need:

Middleware

  • You must be an owner of the account.

Microsoft Entra ID

  • A Microsoft Entra user account with one of the following roles: Cloud Application Administrator, Application Administrator, or owner of the service principal.

Enable SSO for Middleware in Microsoft Entra ID

To enable SSO for an application:

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.

  2. Browse to Entra ID > Enterprise apps > All applications.

  3. Select New application.

  4. The Browse Microsoft Entra Gallery pane opens. Select Create your own application.

  5. On the Create your own application pane, enter “Middleware” as the name of the app.

  6. Select Integrate any other application you don't find in the gallery (Non-gallery).

  7. Select Create.

  8. The app Overview page opens. In the left menu under Manage, select Single sign-on.

  9. Under Select a single sign-on method, select SAML.

  10. On the SAML-based Sign-on page, click on the Edit pencil icon of the Basic SAML Configuration section.

  11. On the Basic SAML Configuration pane, enter the values described below in the respective fields, and then click Save.

    a. Identifier (Entity ID): https://app.middleware.io

    b. Reply URL (Assertion Consumer Service URL): https://app.middleware.io/api/v1/auth/saml/acs

  12. In the SAML Certificates section, record the value of the App Federation Metadata Url property to be used later.


Configure Microsoft Entra ID integration in Middleware

To enable SSO login in Middleware with Microsoft Entra ID:

  1. Sign in to Middleware as an account owner.

  2. Browse to Installation > Integration > SSO > Microsoft Entra ID.

  3. Paste the App Federation Metadata Url that you recorded while configuring SSO in the Microsoft Entra Admin Center, and then click Submit.


Enable users from Microsoft Entra to authenticate with Middleware

In this section, you enable users within your tenant to access Middleware.

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.

  2. Browse to Entra ID > Enterprise apps > Middleware (or the name you gave the app when configuring it).

  3. On the app's overview page, under Manage, select Users and groups.

  4. Select Add user/group.

  5. On the Add Assignment page, select the link under the Users field.

  6. In the Users pane, you'll see a complete list of all users in your tenant. Select the users you want to give access to, then click the Select button.

  7. Finally, click the Assign button.

NOTE: The user's userPrincipalName in Microsoft Entra ID must exactly match their email address in Middleware.

Manage Users in Middleware

Existing Users

Once you configure SSO in Middleware, all current users will automatically switch to SSO authentication. They won't need to take any action - the next time they log in, they'll be prompted to use their Microsoft credentials instead of their previous Middleware password.

New Users

For users who aren't already in your Middleware account:

  1. Send an invitation through Middleware

  2. User accepts the invitation via email

  3. User can then sign in using SSO with their Microsoft credentials


NOTE: The user's email address in Middleware must exactly match their userPrincipalName in Microsoft Entra ID.
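Because existing users switch to SSO as soon as it is configured, it is worth checking the exact-match requirement from the two notes above before enabling it. The following is an added example, not part of the Middleware documentation: it compares a list of Middleware user emails with the userPrincipalNames of the users assigned to the app. The CSV column names and all sample values are assumptions constructed for illustration.

```python
"""Pre-flight check: Middleware emails vs. Entra userPrincipalNames."""
import csv
import io

# Constructed sample exports; the column names are assumptions for this example.
MIDDLEWARE_CSV = """email
alice@example.com
Bob@example.com
carol@example.com
dave@example.com
"""

# carol is a constructed guest-style account whose UPN differs from her email.
ENTRA_CSV = """userPrincipalName
alice@example.com
bob@example.com
carol_example.com#EXT#@contoso.onmicrosoft.com
erin@example.com
"""


def read_column(text, column):
    """Return the stripped, non-empty values of one CSV column."""
    rows = csv.DictReader(io.StringIO(text))
    return [v for v in ((row.get(column) or "").strip() for row in rows) if v]


def check_upn_match(middleware_emails, entra_upns):
    """Classify each Middleware email against the assigned Entra UPNs."""
    exact = set(entra_upns)
    by_lower = {upn.lower(): upn for upn in entra_upns}
    report = {"match": [], "case_mismatch": [], "missing": []}
    for email in middleware_emails:
        if email in exact:
            report["match"].append(email)
        elif email.lower() in by_lower:
            # The notes require an exact match, so report case differences.
            report["case_mismatch"].append((email, by_lower[email.lower()]))
        else:
            report["missing"].append(email)
    # Assigned in Entra but unknown to Middleware: still needs an invitation.
    known = {e.lower() for e in middleware_emails}
    report["not_invited"] = [u for u in entra_upns if u.lower() not in known]
    return report


def run_sample():
    return check_upn_match(read_column(MIDDLEWARE_CSV, "email"),
                           read_column(ENTRA_CSV, "userPrincipalName"))
```

Anything reported under case_mismatch or missing should be corrected on one side or the other before SSO is enabled; entries under not_invited need an invitation as described under New Users.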

Login

SP-initiated login

SP-initiated, or Service Provider-initiated, means login initiated from Middleware.

  1. Select the Microsoft Entra ID icon on the sign-in or sign-up page.

  2. In the displayed pop-up, enter your Email Address and click Submit.

  3. The system will initiate SAML authentication with Microsoft Entra ID to verify your identity. If you're already signed in to your Microsoft account, you'll be automatically authenticated without any action required. If not, you'll be prompted to enter your Microsoft credentials and complete the login process. Once authentication is successful, you'll be automatically redirected back to Middleware’s home page.

IdP-initiated login

IdP-initiated, or Identity Provider-initiated, means login initiated from the Microsoft App Dashboard portal.

  1. Go to your My Apps page in Microsoft.

  2. Click on the Middleware app.

  3. Once authentication is successful, you'll be automatically redirected back to Middleware’s home page.