SSO SAML Configuration
Flare supports the following SAML configurations:

- Microsoft Azure Entra ID
- Okta
- JumpCloud

Configuring Microsoft Azure Entra ID

1. Navigate to Enterprise apps in your Entra ID tenant and click on New application.
2. You should now be in the Entra app gallery. Click on Create your own application. This should open a drawer.
3. Give the application a representative name like Flare SSO, and leave "Integrate any other application you don't find in the gallery (Non-gallery)" selected in the "What are you looking to do with your application?" section.
4. Click Create application and wait for Entra to create it.
5. Click on Set up single sign on.
6. Click on SAML.
7. Edit the Basic SAML Configuration:
   - Set the Identifier to urn:amazon:cognito:sp:us-east-1_eds7l4vuu
   - Set the Reply URL to https://sso.firework.flared.io
   - Click Save at the top of the drawer.
8. You should now be able to fill out the required fields in the SSO configuration screen in Flare:
   - Paste the App Federation Metadata URL from the SAML Certificates section into the Metadata (URL) field in Flare.
   - Paste the corresponding claim from the Attributes & Claims section into the Mapping Email field in Flare. The format of this field is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/$claim_name, where $claim_name corresponds to the email attribute in Entra. For example, this could be either http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name or http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, depending on your Entra user distribution.

If you have customized claims, you might need to use a different metadata URL. You can find it by navigating to the app registration you just created:

1. Click on the Managed application in local directory link.
2. In the left sidebar, under Manage, select Single sign-on.
3. If a new custom signing has been used, you should see a section called Certificates. Copy the value from Federation Metadata Document.
4. Set the Metadata URL value in Flare to the value you just copied.

Azure Entra ID should now be correctly configured.

Configuring Okta

Flare settings

- Metadata URL: taken from Okta, in the "Sign On" subtab of the application
- Mapping Email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Okta settings

- Single sign-on URL: https://sso.firework.flared.io/saml2/idpresponse
- Audience URI: urn:amazon:cognito:sp:us-east-1_eds7l4vuu
- Application username: Email

Attribute statement

Create an attribute statement as follows:

- Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- Format: Basic
- Value: user.email

Configuring JumpCloud

App creation

1. User Authentication > Add New Application > Custom Application
2. Custom application features: Manage Single Sign-On (SAML)
3. Save application

App config

- SP Entity ID: urn:amazon:cognito:sp:us-east-1_eds7l4vuu
- ACS URL: https://sso.firework.flared.io/saml2/idpresponse
- SAMLSubject NameID: email
- SAMLSubject NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- Declare Redirect Endpoint: yes

Creating a user attribute

- Service Provider Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- JC Attribute Name: email

Flare config

- Metadata URL: obtain from Copy Metadata URL in JumpCloud
- Mapping Email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress