# Microsoft Entra ID Self Serve SSO Steps - SAML

The following steps have to be executed in the SingleStore Helios Portal and the Microsoft Entra ID (previously Azure AD) Admin portal sequentially.

## In the Microsoft Entra ID Admin Portal

1. In the  Microsoft Entra ID portal, select **Enterprise Applications** in the left menu.

2. Select **+New application** on the top left of the main panel.

3. Select **+Create your own application** on the top left of the main panel

4. Fill out the following details:

   * What’s the name of your app? *SingleStore*
   * What are you looking to do with your application? *Integrate any other application you do not find in the gallery (Non-gallery)*

5. Select **Create**

6. The application now exists. From the **Getting Started** panel, select `Get started` in **2 Set up single sign on**.

7. Select **SAML**.

## In the SingleStore Helios Portal

1. Open the **ORG:your-org** menu on the top and go to **Organization Details**.

2. Select the **Authentication** tab.

3. Use the **Add Identity Provider** menu on the right and select `SAML 2.0` identity provider connection.

4. Add a **Connection Name**, for example, *Azure AD SAML*.

5. Copy the **Login** and **Logout** URL.

## In the Microsoft Entra ID Admin Portal

1. Select **Edit** next to&#x20;**&#x20;(1) Basic SAML Configuration**.

2. Select **Add Identifier** unde&#x72;**&#x20;Identifier (Entity ID)** and copy the **SingleStore’s Entity ID** from the SingleStore Helios Portal.

3. Under **Reply URL (Assertion Consumer Service URL),** select **Add reply URL**.

4. From the SingleStore Helios Portal copy the URLs:

   * SingleStore's **Login** and **Logout** URL to  **Reply URL (Assertion Consumer Service URL**
   * SingleStore's **Logout** URL to **Logout Url (Optional)**

5. Do not fill in the **Sign on** URL at this time. Currently, this is not support for SAML connection for Microsoft Entra ID.

6. Leave  **RelayState&#x20;**&#x20;empty.

7. Select **Save** at the top-left of the panel and wait for the action to be complete.

8. State `No, I’ll test later` for the validation.

9. I&#x6E;**&#x20;(3) SAML Certificates**, download the `Federation Metadata XML`.

## In the SingleStore Helios Portal

1. Scroll down to **(2) Identity provider XML** and upload the downloaded `Federation Metadata XML.`

2. Scroll down to **(4) Map User Attributes**.  Enter the following values:

   * Email: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
   * FirstName: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`
   * LastName: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`

3. Scroll up to **(3) Connection settings** and [add a domain](https://docs.singlestore.com/cloud/security/portal-access/troubleshooting-sso-connections/#section-idm4551296101785633961190540101.md).

4. Select **Save**.

## In the Microsoft Entra ID Admin Portal

1. Ensure all users have an email address configured in their properties. If they do not, and all of them have a **User principal name** that is an email ID, then use `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` as the email attribute instead when configuring SingleStore. An email address will only be sent if users are configured with one.

2. On the Microsoft Entra ID overview page, assign users and groups by selecting **Assign users and groups**. At this time, SSO is just authentication, not authorization, so all users can be assigned to the SingleStore application.

***

Modified at: December 11, 2025

Source: [/cloud/security/portal-access/saml/microsoft-entra-id-self-serve-sso-steps-saml/](https://docs.singlestore.com/cloud/security/portal-access/saml/microsoft-entra-id-self-serve-sso-steps-saml/)

(An index of the documentation is available at /llms.txt)