help

Book a demo
Sign in
English

help

help

Integrations

>

Microsoft Entra ID SAML SSO

How to set up Single Sign-On (SSO) with Microsoft Entra ID in Yoffix

Table of Contents

The following instructions describe how to configure SAML 2.0 SSO using Microsoft Entra ID (formerly Azure Active Directory).

For other supported SSO providers please see the dedicated pages

Step 1: Log in to Microsoft Entra ID

Go to: https://portal.azure.com

Navigate to: Microsoft Entra IDEnterprise applications.

AD Instruction image 1

Step 2: Create a SAML 2.0 Application

  1. Click New application

    AD Instruction image 2-1


  2. Click Create your own application

    AD Instruction image 2-2


  3. Enter Yoffix as the name

  4. Select: Integrate any other application you don't find in the gallery (Non-gallery)

  5. Click Create

    AD Instruction image 2-3

Step 3: Configure Single Sign-On

  1. Open the application

  2. Go to Single sign-on

  3. Select SAML

    AD Instruction image 3-1

In the Basic SAML Configuration section, click Edit and enter:

  • Identifier (Entity ID):
    https://api.app.yoffix.com/sso/saml/metadata

  • Reply URL (Assertion Consumer Service URL):
    https://api.app.yoffix.com/sso/saml/assert

Leave all other fields blank.

Click Save.

Yoffix Microsoft Entra ID set up guide

Step 4: Configure Attributes & Claims

Click Edit Attributes & Claims.

Modify Required Claim

  • Open Unique User Identifier (Name ID)

AD Instruction image 3-3

Change Source attribute to: user.mail

Click Save

AD Instruction image 3-4

Add Additional Claims

Under Additional claims, add:

  • email

  • first_name

  • last_name

AD Instruction image 3-5AD Instruction image 3-6AD Instruction image 3-7

Namespace should be left empty for the added claims.

You may remove other claims if not required.

You should end up with the following attributes setup

AD Instruction image 3-8

Step 5: Assign Users or Groups

  1. Go to Users and groups

  2. Click Add user/group

  3. Assign the users or groups who should access Yoffix via SSO

Only assigned users will be able to sign in using Microsoft Entra ID.

AD Instruction image 4

Step 6: Download Federation Metadata

  1. Go back to Single sign-on

  2. Click Download Federation Metadata XML

You will need this information for the Yoffix configuration.

AD Instruction image 5-1

Open the file in your favourite editor and copy X509Certificate

AD Instruction image 5-2

Copy the Login URL from the Set up Yoffix section (4)

AD Instruction image 5-3

Configure SSO in Yoffix

  1. Go to Settings → Integrations

  2. Under the SSO section, select Microsoft Entra ID

  3. Choose SAML

Provide the following details from your Identity Provider (IdP):

  • SSO URL (Login URL from Entra ID)

  • X509 Certificate

You can also define up to 10 email domains.

Example:
If your company email format is name@yourorgdomain.com, add:

yourorgdomain.com

Only users with these domains will be allowed to authenticate via SSO.

If you're still experiencing issues, contact Yoffix support at support@yoffix.com — our team will assist you.