SSO Login via Microsoft Entra ID
Overview
Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's comprehensive cloud-based identity and access management service. This integration enables seamless Single Sign-On (SSO) authentication for Middleware, allowing your organization to centralize user authentication and access control. With Microsoft Entra ID SSO, users can access Middleware using their existing Microsoft 365 or Azure AD credentials, eliminating the need for separate login credentials while maintaining enterprise-grade security and compliance standards.
Integrating with Microsoft Entra ID provides:
- Single Sign-On (SSO) authentication using Microsoft Entra ID credentials
- Compliance with enterprise security policies and audit requirements
- Seamless integration with the existing Microsoft ecosystem and workflows
Configuration
Prerequisites
To configure SSO, you need:
Middleware
- You must be an owner of the account.
Microsoft Entra ID
- A Microsoft Entra user account with one of the following roles: Cloud Application Administrator, Application Administrator, or owner of the service principal.
Enable SSO for Middleware in Microsoft Entra ID
To enable SSO for an application:
1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
2. Browse to Entra ID > Enterprise apps > All applications.
3. Select New application.
4. The Browse Microsoft Entra Gallery pane opens. Select Create your own application.
5. On the Create your own application pane, enter “Middleware” as the name of the app.
6. Select Integrate any other application you don't find in the gallery (Non-gallery).
7. Select Create.
8. The app Overview page opens. In the left menu under Manage, select Single sign-on.
9. Under Select a single sign-on method, select SAML.
10. On the SAML-based Sign-on page, click the Edit (pencil) icon in the Basic SAML Configuration section.
11. On the Basic SAML Configuration pane, enter the following values in the respective fields, and then click Save.
   a. Identifier (Entity ID): https://app.middleware.io
   b. Reply URL (Assertion Consumer Service URL): https://app.middleware.io/api/v1/auth/saml/acs
12. In the SAML Certificates section, record the value of the App Federation Metadata Url property to be used later.
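Before handing the App Federation Metadata Url to Middleware, you can confirm that the document behind it is the identity provider metadata you expect. The following is an added example, not part of the Middleware or Microsoft documentation: it parses a SAML metadata document and checks for a signing certificate and an HTTPS sign-on endpoint on the expected host. The sample XML is constructed (all-zero tenant ID, dummy certificate body), and the default host `login.microsoftonline.com` assumes the global Azure cloud.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: all-zero tenant ID and a dummy certificate body.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>RFVNTVk=</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_idp_metadata(xml_text, idp_host="login.microsoftonline.com"):
    """Return (summary, problems) for a SAML identity provider metadata document."""
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return {}, ["root element is not a SAML EntityDescriptor"]
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        return {}, ["no IDPSSODescriptor: this is not IdP metadata"]
    problems = []
    # A KeyDescriptor without a "use" attribute serves for signing as well.
    certs = [c.text.strip()
             for kd in idp.findall(MD + "KeyDescriptor")
             if kd.get("use", "signing") == "signing"
             for c in kd.iter(DS + "X509Certificate") if c.text]
    if not certs:
        problems.append("no signing certificate published")
    sso = [s.get("Location", "") for s in idp.findall(MD + "SingleSignOnService")]
    if not sso:
        problems.append("no SingleSignOnService endpoint")
    for loc in sso:
        url = urlparse(loc)
        if url.scheme != "https" or url.hostname != idp_host:
            problems.append(f"unexpected sign-on endpoint: {loc}")
    return {"entity_id": root.get("entityID"), "sso_urls": sso,
            "signing_certs": len(certs)}, problems

if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE))
```

Downloading the metadata is left out so the example runs offline; pass the downloaded XML text to `check_idp_metadata` and treat any entry in `problems` as a reason to stop and re-check the URL.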
Configure Microsoft Entra ID integration in Middleware
To enable SSO login in Middleware with Microsoft Entra ID:
1. Sign in to Middleware as an account owner.
2. Browse to Installation > Integration > SSO > Microsoft Entra ID.
3. Paste the App Federation Metadata Url that you recorded while configuring SSO in the Microsoft Entra admin center, and then click Submit.
Enable users from Microsoft Entra to authenticate with Middleware
In this section, you enable users within your tenant to access Middleware.
1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
2. Browse to Entra ID > Enterprise apps > Middleware (or the name you gave the app when configuring it).
3. On the app's overview page, under Manage, select Users and groups.
4. Select Add user/group.
5. On the Add Assignment page, select the link under the Users field.
6. In the Users pane, you'll see a complete list of all users in your tenant. Select the users you want to give access to, then click the Select button.
7. Finally, click the Assign button.
NOTE: The user's userPrincipalName in Microsoft Entra ID must exactly match their email address in Middleware.
Manage Users in Middleware
Existing Users
Once you configure SSO in Middleware, all current users will automatically switch to SSO authentication. They won't need to take any action - the next time they log in, they'll be prompted to use their Microsoft credentials instead of their previous Middleware password.
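Since all current users switch to SSO at once and each email address must exactly match a userPrincipalName, it helps to compare the two user lists before configuring SSO. The following is an added example, not from the Middleware documentation: it sorts Middleware emails into exact matches, near misses (case, whitespace or Unicode form), guest accounts whose UPN is in Entra's `#EXT#` form, and addresses with no counterpart. Both user lists are constructed; how you export them from each system is outside the example.

```python
import unicodedata

def fold(addr):
    """Normalise for near-miss detection only; the page requires an exact match."""
    return unicodedata.normalize("NFKC", addr).strip().casefold()

def guest_home_address(upn):
    """B2B guest UPNs look like alias_home.domain#EXT#@tenant.onmicrosoft.com."""
    marker = upn.upper().find("#EXT#")
    if marker == -1:
        return None
    alias, sep, domain = upn[:marker].rpartition("_")
    return f"{alias}@{domain}" if sep else None

def preflight(middleware_emails, entra_upns):
    """Classify each Middleware email against the UPNs assigned to the app."""
    exact = set(entra_upns)
    by_fold = {fold(u): u for u in entra_upns}
    by_guest = {fold(g): u for u in entra_upns if (g := guest_home_address(u))}
    report = {"ok": [], "near_miss": [], "guest_upn": [], "missing": []}
    for email in middleware_emails:
        key = fold(email)
        if email in exact:
            report["ok"].append(email)
        elif key in by_fold:
            # The page does not say whether matching ignores case: review these.
            report["near_miss"].append((email, by_fold[key]))
        elif key in by_guest:
            report["guest_upn"].append((email, by_guest[key]))
        else:
            report["missing"].append(email)
    return report

# Constructed sample data; example.com and contoso.onmicrosoft.com are placeholders.
MIDDLEWARE_EMAILS = ["alice@example.com", "Bob@example.com",
                     "carol@partner.example", "dave@example.com"]
ENTRA_UPNS = ["alice@example.com", "bob@example.com",
              "carol_partner.example#EXT#@contoso.onmicrosoft.com"]

if __name__ == "__main__":
    for category, entries in preflight(MIDDLEWARE_EMAILS, ENTRA_UPNS).items():
        print(category, entries)
```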
New Users
For users who aren't already in your Middleware account:
1. Send an invitation through Middleware.
2. The user accepts the invitation via email.
3. The user can then sign in using SSO with their Microsoft credentials.
NOTE: The user's email address in Middleware must exactly match their userPrincipalName in Microsoft Entra ID.
Login
SP-initiated login
SP-initiated, or Service Provider-initiated, means login initiated from Middleware.
1. Select the Microsoft Entra ID icon on the sign-in or sign-up page.
2. In the displayed pop-up, enter your Email Address and click Submit.
The system will initiate SAML authentication with Microsoft Entra ID to verify your identity. If you're already signed in to your Microsoft account, you'll be automatically authenticated without any action required. If not, you'll be prompted to enter your Microsoft credentials and complete the login process. Once authentication is successful, you'll be automatically redirected back to Middleware’s home page.
IdP-initiated login
IdP-initiated, or Identity Provider-initiated, means login initiated from the Microsoft App Dashboard portal.
1. Go to your My Apps page in Microsoft.
2. Click on the Middleware app.
Once authentication is successful, you'll be automatically redirected back to Middleware’s home page.