Skip to main content

Setup SAML with Microsoft Entra ID (Azure AD)

  1. Login to your Microsoft Azure portal and search for “Entra ID” in the search bar and click “Microsoft Entra ID” from the search results. Enter Entra ID
  2. Click on “Enterprise applications” from the left side menu. Select Enterprise Applications
  3. Click “New Application” and select “Create your own application” New Application Create Your Own
  4. Enter the name of your application and click “Create” Name Your App
  5. In the new app, click on “Single sign-on” from the left side menu and select “SAML” Setup Single Sign-on Select SAML
  6. Click on “Edit” and enter the following values:
    • Identifier (Entity ID): https://zenzap.co
    • Reply URL (Assertion Consumer Service URL): https://prod-api.zenzap.co/sso/saml/callback\ Basic SAML Configuration
  7. Click “Save”
  8. Click on “User Attributes & Claims” from the left side menu and click “Add new claim”
    • displayName - recommended to be the user first name + last name
    • email - recommended to be the user email
    • id - user.objectid User Attributes & Claims Configuration
  9. Download the certificate (base64) and save it. Download Certificate
  10. Configure SAML in Zenzap:
  • Go to your Zenzap account and navigate to Admin → Organization
  • Under “Single sign on (SSO)”, select SAML
  • Enter the following values from your Azure AD SAML configuration page:
    • SAML SSO URL: Format https://login.microsoftonline.com/xxxxxx/saml2
    • Identity Provider Issuer: Format https://sts.windows.net/xxxx
  • Upload the certificate you downloaded in step 9
  • Enter Service Provider Entity ID as https://zenzap.co
  • Click “Save”

User Groups (App Roles)

Configure user roles to control access levels within Zenzap.
  1. In Entra ID: Go to app registration → Application Name → App roles Configure App Roles
  2. Create new app roles. Zenzap supports 2 app role values: admin and user Configure App Roles
  3. Assign the app roles to the users/groups Assign App Roles