Setting Up Microsoft Entra (Azure AD)
This document outlines the steps required to set up Microsoft Entra (formerly Azure AD) SSO integration with StepSecurity.
Setup Instructions
Step 1: Create a New Enterprise Application
Navigate to your Microsoft Entra Admin Portal.
Create a new Enterprise Application.
Name the application StepSecurity.

Step 2: Configure Single Sign-On
After creating the application, go to the Single Sign-On section.
Select SAML as the SSO method.

Step 3: Provide SAML Configuration
In the SAML Basic Configuration, enter the following values:
Identifier (Entity ID)
urn:amazon:cognito:sp:us-west-2_PGbAJDNzx
Reply URL (Assertion Consumer Service URL)
https://login.app.stepsecurity.io/saml2/idpresponse
Leave all other properties with their default values unless specified otherwise.
(Optional) For IdP-initiated login, you can add the Default RelayState (one line, with the placeholders in angle brackets replaced by your own values):
identity_provider=<IDP_NAME_IN_COGNITO>&client_id=<COGNITO_CLIENT_ID>&redirect_uri=https%3A%2F%2F.stepsecurity.io%2Fauth%2Fcognito%2Fcallback&response_type=code&scope=email+openid+phone+profile
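The RelayState above is an ordinary URL query string, so the safest way to produce it is to let a library do the percent-encoding rather than hand-edit the template. The following Python helper is an added example, not StepSecurity's own code or tooling: it builds the string from the two Cognito values and a console hostname (all three values here are constructed placeholders; the hostname is an assumption) and then decodes a RelayState back to check the fields the Console expects, including that redirect_uri stays on HTTPS and points at the StepSecurity callback path.

```python
from urllib.parse import parse_qs, urlencode

# Constructed placeholder values; the real ones come from the Cognito
# user pool that fronts the StepSecurity Console (ask StepSecurity).
IDP_NAME_IN_COGNITO = "MyEntraIdP"
COGNITO_CLIENT_ID = "1example23456789abcdefghijklmn"
CONSOLE_HOST = "example.stepsecurity.io"  # assumed console hostname


def build_relay_state(idp_name: str, client_id: str, console_host: str) -> str:
    """Build the Default RelayState for IdP-initiated login.

    urlencode() percent-encodes the redirect_uri (':' -> %3A, '/' -> %2F)
    and joins the space-separated scope list with '+', which is exactly the
    shape of the template in the setup instructions.
    """
    params = {
        "identity_provider": idp_name,
        "client_id": client_id,
        "redirect_uri": f"https://{console_host}/auth/cognito/callback",
        "response_type": "code",
        "scope": "email openid phone profile",
    }
    return urlencode(params)


def check_relay_state(relay_state: str) -> dict:
    """Decode a RelayState and verify the fields the Console expects.

    Returns the decoded parameters as a flat dict. Raises ValueError when a
    required key is missing, a key is repeated, response_type is not 'code',
    or redirect_uri is not an HTTPS URL on the StepSecurity callback path.
    """
    parsed = parse_qs(relay_state, strict_parsing=True)
    required = {"identity_provider", "client_id", "redirect_uri", "response_type", "scope"}
    missing = required - parsed.keys()
    if missing:
        raise ValueError(f"RelayState is missing {sorted(missing)}")
    if any(len(values) != 1 for values in parsed.values()):
        raise ValueError("RelayState has a repeated parameter")
    flat = {key: values[0] for key, values in parsed.items()}
    uri = flat["redirect_uri"]
    if not (uri.startswith("https://") and uri.endswith(".stepsecurity.io/auth/cognito/callback")):
        raise ValueError(f"unexpected redirect_uri: {uri}")
    if flat["response_type"] != "code":
        raise ValueError("response_type must be 'code'")
    return flat


if __name__ == "__main__":
    relay_state = build_relay_state(IDP_NAME_IN_COGNITO, COGNITO_CLIENT_ID, CONSOLE_HOST)
    print(relay_state)
    print(check_relay_state(relay_state))
```

Paste the printed string into Relay State (Optional) in the Entra portal; running check_relay_state on a value received from StepSecurity confirms it decodes to the expected fields before you save it.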
Step 4: Add a Group Claim
Update Attributes & Claims to pass group information in the SAML assertion.
Open Attributes & Claims → Add a group claim.
Under Which groups select Groups assigned to the application.
Set Source attribute to Cloud-only group display names.
Expand Advanced options.
(Optional) You may filter groups if you need to limit which ones are emitted.
Enable Customize the name of the group claim and set Name to Groups. Save.
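When this step is done correctly, the SAML assertion Entra sends carries an Attribute whose Name is exactly Groups, with one AttributeValue per group display name. The snippet below is an added example, not StepSecurity's code: it parses a constructed assertion (Issuer tenant id, group names and e-mail are made-up placeholders; Signature and Subject are omitted) and reports whether groups arrive under the expected name, under Entra's default claim URI (which is what you get when the customize option is left off), or not at all. It is meant for inspecting a test assertion captured during setup; a relying party must validate the assertion's signature before trusting any attribute, and untrusted XML should be parsed with a hardened parser such as defusedxml rather than plain ElementTree.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Name Entra uses for the group claim when "Customize the name of the group
# claim" is not enabled. StepSecurity expects the custom name "Groups".
ENTRA_DEFAULT_GROUP_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed sample assertion (Signature and Subject omitted). The tenant id
# in the Issuer is a zero placeholder; the group names and e-mail are made up.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="Groups">
      <saml:AttributeValue>StepSecurity Admins</saml:AttributeValue>
      <saml:AttributeValue>Engineering</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def extract_attribute(assertion_xml: str, claim_name: str) -> list[str]:
    """Return every AttributeValue of the named SAML attribute, or [] if absent."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") == claim_name:
            values.extend(
                (value.text or "").strip()
                for value in attr.iterfind("saml:AttributeValue", SAML_NS)
            )
    return values


def check_group_claim(assertion_xml: str) -> tuple[list[str], str]:
    """Check that the assertion carries groups under the name StepSecurity expects.

    Returns (groups, status). status is "ok" when the attribute is named
    "Groups", "default-name" when groups are present only under Entra's default
    claim URI (the customize step was skipped), and "missing" when the
    assertion has no group attribute at all (e.g. the user is in no assigned
    group, or the claim was never added).
    """
    groups = extract_attribute(assertion_xml, "Groups")
    if groups:
        return groups, "ok"
    default_groups = extract_attribute(assertion_xml, ENTRA_DEFAULT_GROUP_CLAIM)
    if default_groups:
        return default_groups, "default-name"
    return [], "missing"


if __name__ == "__main__":
    print(check_group_claim(SAMPLE_ASSERTION))
```

Because Step 4 selects Groups assigned to the application with cloud-only display names as the source, the values you should see are group display names, not object ids; a list of GUIDs means the Source attribute was left at its default.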

Step 5: Exchange metadata and (optionally) configure IdP-initiated access
Download the IdP metadata file from the Entra SAML page and share it with StepSecurity.
(Optional) For IdP-initiated login to the StepSecurity Console:
Contact StepSecurity to obtain your RelayState value (or construct it using the template above).
In the Entra portal, paste that value into Relay State (Optional) under Basic SAML Configuration and Save.
