help

Book a demo
Sign in
English

help

help

Integrations

>

Microsoft Entra ID SAML SSO

How to set up Single Sign-On (SSO) with Microsoft Entra ID in Yoffix

At a glance

The following instructions describe how to configure SAML 2.0 SSO using Microsoft Entra ID (formerly Azure Active Directory).

For other supported SSO providers please see the dedicated pages

Step 1: Log in to Microsoft Entra ID

Go to: https://portal.azure.com

Navigate to: Microsoft Entra IDEnterprise applications.

AD Instruction image 1

Step 2: Create a SAML 2.0 Application

  1. Click New application

    AD Instruction image 2-1


  2. Click Create your own application

    AD Instruction image 2-2


  3. Enter Yoffix as the name

  4. Select: Integrate any other application you don't find in the gallery (Non-gallery)

  5. Click Create

    AD Instruction image 2-3

Step 3: Configure Single Sign-On

  1. Open the application

  2. Go to Single sign-on

  3. Select SAML

    AD Instruction image 3-1

In the Basic SAML Configuration section, click Edit and enter:

  • Identifier (Entity ID):
    https://api.app.yoffix.com/sso/saml/metadata

  • Reply URL (Assertion Consumer Service URL):
    https://api.app.yoffix.com/sso/saml/assert

Leave all other fields blank.

Click Save.

Yoffix Microsoft Entra ID set up guide

Step 4: Configure Attributes & Claims

Click Edit Attributes & Claims.

Modify Required Claim

  • Open Unique User Identifier (Name ID)

AD Instruction image 3-3

Change Source attribute to: user.mail

Click Save

AD Instruction image 3-4

Add Additional Claims

Under Additional claims, add:

  • email

  • first_name

  • last_name

AD Instruction image 3-5AD Instruction image 3-6AD Instruction image 3-7

Namespace should be left empty for the added claims.

You may remove other claims if not required.

You should end up with the following attributes setup

AD Instruction image 3-8

Step 5: Assign Users or Groups

  1. Go to Users and groups

  2. Click Add user/group

  3. Assign the users or groups who should access Yoffix via SSO

Only assigned users will be able to sign in using Microsoft Entra ID.

AD Instruction image 4

Step 6: Download Federation Metadata

  1. Go back to Single sign-on

  2. Click Download Federation Metadata XML

You will need this information for the Yoffix configuration.

AD Instruction image 5-1

Open the file in your favourite editor and copy X509Certificate

AD Instruction image 5-2

Copy the Login URL from the Set up Yoffix section (4)

AD Instruction image 5-3

Configure SSO in Yoffix

  1. Go to Settings → Integrations

  2. Under the SSO section, select Microsoft Entra ID

  3. Choose SAML

Provide the following details from your Identity Provider (IdP):

  • SSO URL (Login URL from Entra ID)

  • X509 Certificate

You can also define up to 10 email domains.

Example:
If your company email format is name@yourorgdomain.com, add:

yourorgdomain.com

Only users with these domains will be allowed to authenticate via SSO.

If you're still experiencing issues, contact Yoffix support at support@yoffix.com — our team will assist you.