In this guide, we'll walk you through the process of integrating Oomnitza with Azure Active Directory for Single Sign-On (SSO) capabilities. This involves creating an application within Azure, configuring SSO settings, and linking the details to your Oomnitza instance.
Create an application in Azure
To set up Azure Active Directory SSO in Oomnitza, you first need to create an enterprise application in Azure, configure its SAML settings, and download the SAML signing certificate.
- Navigate to Enterprise Applications in your Azure Portal
- In the Manage section on the left menu, select All Applications.
- Click New application on the top menu.
- After the app is created, on its application integration page, find the Manage section and select Single sign-on. For further information, refer to Configure Azure AD SSO.
- Select SAML to open the SSO configuration page.
- Click Edit in the Basic SAML Configuration section.
- Enter the following information, and then click Save:
  Identifier (Entity ID): https://adapplicationregistry.onmicrosoft.com/oomnitza_sso
  Reply URL (Assertion Consumer Service URL): https://{{YourOomnitzaDomain}}.oomnitza.com/saml/consume
  Sign on URL: https://{{YourOomnitzaDomain}}.oomnitza.com/saml/validateLogin
  Important: If you change the Identifier (Entity ID) from the value above, an additional step is required. The Identifier (Entity ID) registered for your instance must be updated by Oomnitza, so notify your Oomnitza contact when you make this change.
- The application requires the NameIdentifier (NameID) claim to be derived from userprincipalname in email format. If the userprincipalname is already an email address, no additional changes are needed and you can proceed to the next step. Otherwise, edit the User Attributes & Claims section (for example, a Name ID built from the email prefix). For further information, refer to Customize claims issued in the SAML token for enterprise applications. In most cases you won't need to modify the claims: try it as is, and only change them if sign-in fails with a 401 error.
- On the SSO configuration page, download the Certificate (Base64) and copy the Login URL.
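Before asking users to sign in, it is worth confirming that what Azure actually sends matches the values configured above. The following is an added example (not Oomnitza's or Microsoft's code): it takes a SAML Response captured with a browser SAML tracer and base64-decoded, and checks that the Audience equals the Identifier (Entity ID), that Destination and Recipient equal the Reply URL, and that the NameID is an email address, which is the mismatch behind the 401 the guide mentions. The tenant name `example.oomnitza.com` and the sample response are constructed placeholders; the XML signature is not verified here, since Oomnitza does that with the uploaded certificate.

```python
"""Pre-flight check of an Azure AD SAML assertion against the Oomnitza SSO settings.

Added example, not code from Oomnitza or Microsoft. Feed it the decoded XML
of a SAML Response captured during a test login. It does NOT verify the
XML signature; it only checks that the fields the guide says must line up
actually do.
"""
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Values from the guide. "example" stands in for {{YourOomnitzaDomain}} (assumption).
ENTITY_ID = "https://adapplicationregistry.onmicrosoft.com/oomnitza_sso"
ACS_URL = "https://example.oomnitza.com/saml/consume"

# Constructed sample response (not a real capture); Signature elements omitted.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://example.oomnitza.com/saml/consume">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://example.oomnitza.com/saml/consume"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://adapplicationregistry.onmicrosoft.com/oomnitza_sso</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_assertion(xml_text, entity_id=ENTITY_ID, acs_url=ACS_URL):
    """Return a list of problems; an empty list means the assertion matches the config."""
    problems = []
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        # An EncryptedAssertion would land here; Oomnitza expects a plain assertion.
        return ["no Assertion element found (is the assertion encrypted?)"]

    # Audience must equal the Identifier (Entity ID) configured in Azure.
    audiences = [a.text for a in assertion.findall(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} != Entity ID {entity_id}")

    # Destination and Recipient must equal the Reply URL (ACS) that Azure posts to.
    dest = root.get("Destination")
    if dest != acs_url:
        problems.append(f"Destination {dest!r} != ACS URL {acs_url}")
    recipients = [c.get("Recipient")
                  for c in assertion.findall(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} != ACS URL {acs_url}")

    # NameID must be an email address; a bare prefix or a GUID is the usual cause of a 401.
    nameid = assertion.find("saml:Subject/saml:NameID", NS)
    value = (nameid.text or "").strip() if nameid is not None else ""
    if not EMAIL_RE.match(value):
        problems.append(f"NameID {value!r} is not in email format; adjust User Attributes & Claims")
    return problems


if __name__ == "__main__":
    for line in check_assertion(SAMPLE_RESPONSE) or ["assertion matches the Oomnitza configuration"]:
        print(line)
```

Run it once against a captured response before enabling SSO only; if it reports a NameID problem, fix the claim mapping in Azure rather than changing anything in Oomnitza.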
Next steps
Add the Login URL and upload the certificate you downloaded from Azure to Oomnitza.
Add your details to Oomnitza
- Log into Oomnitza and select Configuration > Integrations.
- Click Block view.
- On the Integrations page, scroll down to SSO Integrations and click the Azure Active Directory tile.
- On the CONNECT page, enter the Azure SSO Login URL and upload the Certificate (Base64) you downloaded from the Azure SSO configuration page.
- JIT Provisioning: Select this option if you want to support JIT provisioning. JIT provisioning automatically creates a user account the first time a user logs in through SSO. Otherwise, you will need to create a user account manually for each new user in Oomnitza. If you select JIT Provisioning, you must also supply the following:
  - Default Role - The default Oomnitza role assigned to imported or JIT-provisioned users at the time their account is created.
  - Name Identifier - The attribute used to identify the imported or JIT-provisioned user.
- SSO only: Select this option if you wish to prevent standard authentication to Oomnitza. This option will remove the username and password option and require that users log in only via Azure SSO. We suggest that you do not select this option until you have tested the SSO feature and verified it works correctly.
- Enable multifactor authentication. Select this option to add a layer of protection to the sign-in process. When accessing Oomnitza, the user will need to provide additional identity verification, such as entering a code received by phone.
- Click FINISH at the bottom right to save.
- Return to your Azure portal and add users or groups that should have access to Oomnitza. For further information refer to Add or delete users using Azure Active Directory.
- Verify that SSO is successful by clicking on the Single Sign-On (SSO) option in your Oomnitza instance.
Troubleshooting MFA errors
Details
When attempting to log into your Oomnitza instance with Azure SSO enabled, you may receive the following error message:
Solution
1. Activate Multi-factor Authentication (MFA):
In the Add your details to Oomnitza section above, ensure that the Enable multifactor authentication checkbox is selected in the integration configuration in Oomnitza.
2. Disable MFA settings:
If you prefer not to enable MFA in the integration configuration, temporarily disable MFA settings on the device to check whether that resolves the issue. As an example, if Windows Hello is enabled on the device:
- Go to Settings > Accounts > Sign-in options.
- Disable the Windows Hello sign-in switch.
Re-enable the device setting once you have finished testing.