Prerequisites
To get started, you need the following items:
An Azure AD subscription
Pirros SAML SSO enabled subscription
Pirros Identifier (Entity ID)
Pirros Reply URL (Assertion Consumer Service URL)
Step 1
Adding Pirros
To configure the integration of Pirros into Azure AD, you need to add Pirros from the gallery to your list of managed SaaS apps.
Sign in to the Azure portal using your work account.
Select Microsoft Entra ID.
Navigate to Enterprise Applications and then select All Applications.
To add a new application, select New application.
Select Create your own application.
Under "What's the name of your app?" input Pirros or something similar.
Under "What are you looking to do with your application?" select Integrate any other application you don't find in the gallery (Non-gallery). If a list of recommended gallery applications is shown, do not select any.
Select Create at the bottom of the pane. Wait a few seconds while the app is added to your tenant.
Step 2
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
In the Azure portal, on the Pirros application integration page, find the Manage section and select single sign-on.
On the Select a single sign-on method page, select SAML.
On the Basic SAML Configuration section, click the more/edit icon.
On the Basic SAML Configuration section, enter the values for the following fields:
In the Identifier (Entity ID) section, click Add Identifier and enter the URL located in the SSO tab of your Pirros Settings Page.
In the Reply URL (Assertion Consumer Service URL) section, click Add reply URL and enter the URL located in the SSO tab of your Pirros Settings Page.
Click Save when you have entered both the Identifier (Entity ID) and the Reply URL.
Step 3
Insert Data into Pirros
You must insert the following information into Pirros on the SSO/SCIM tab of your Pirros Settings page in order to enable SSO.
Important: Before proceeding to download the SAML certificate in the next step, make sure you’ve entered and saved both the Entity ID and ACS URL in the Basic SAML Configuration section. Downloading the certificate before this information is saved may result in outdated or invalid metadata being generated.
On the Set up single sign-on with SAML page, in the SAML Certificates section, find Certificate (Base64) and click Download to download the certificate to your computer. Open this file in a text editor so you can copy/paste the text into the Pirros Settings page.
On the Set Up single sign-on with SAML page, in the Set up Pirros section, find Login URL and copy/paste the URL into the Pirros Settings Page.
In the Pirros Settings Page, also add the Domain of your firm’s email addresses (e.g. “architech.com”).
Here is a screenshot from the Pirros page, further indicating what actions should be taken for each field:
Hit the “Submit Data” button in Pirros to save your SSO configuration.
Step 4
Add Just-in-Time (JIT) Provisioning (Optional for SSO; Required for SCIM)
JIT Provisioning automates account creation when users log in via SSO for the first time.
Toggle on SSO JIT Provisioning.
Once toggled on, you must select a Default Role and a Default Workspace (if applicable).
Click Save.
Users will be automatically assigned to a seat until there are no seats left.
Admins must manually remove users to free up seats.
Step 5
Add Users and Groups
In this section, you'll add Users and Groups to use Azure single sign-on.
From the left pane in the Azure portal, select Users and Groups.
Select Add Users/Group at the top of the screen.
In the User Properties, follow these steps:
Click Users: None Selected
Find the users in your database that you want to utilize SSO for Pirros.
Click Select.
You will get a notification when the Application assignment succeeds.
Step 6
Configure SCIM User Provisioning (Optional)
SCIM automates user provisioning and de-provisioning, so you don't need to manually manage user assignments. Steps 1–4 must be completed before configuring SCIM.
In the Azure portal, in the Pirros application (that was created in Step 1) select Provisioning in the sidebar. This will navigate you to a Provisioning page. In the sidebar, under Manage, select Provisioning (again).
Set Provisioning Mode to Automatic.
In the Pirros Settings page, toggle SCIM on (The SCIM section won’t even appear until you have submitted your SSO configuration from Step 3). Then copy/paste these values from Pirros to the fields in Admin Credentials.
SCIM Base/Reply URL (in Pirros) → Tenant URL (in Azure)
Bearer Token (in Pirros) → Secret Token (in Azure)
Click Test Connection to verify your credentials.
In the sidebar, navigate to Attribute Mappings, then under Provision Microsoft Entra ID Users (not Groups): ensure Enabled is set to Yes, Target Object Actions are enabled for Create, Update, and Delete, and that the following fields are mapped correctly:
userName -> userPrincipalName
active -> Switch([IsSoftDeleted], , "True", "False", "False", "True")
emails[type eq "work"].value -> mail
name.givenName -> givenName
name.familyName -> surname
Click “Save” on the Attribute Mapping page.
Navigate to Users and Groups and make assignments to the app if you haven't already done so in Step 5. Provisioning via Azure happens on a schedule and can take up to 45 minutes. For immediate provisioning, navigate to Provision on demand (you must make assignments prior to using “Provision on demand”).
Now you’re all set. Once Azure processes the provisioning here, the users should be created in Pirros and automatically assigned using the JIT settings you provided in Step 4.
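The attribute mappings from Step 6, evaluated as an added example (not code from Pirros or Microsoft): it models the Switch expression and builds the SCIM user each directory record would produce, so you can confirm that a soft-deleted account arrives with active set to false and spot records whose mapped source attributes are empty. The sample records and the names switch, to_scim_user and mapping_gaps are constructed for illustration, and comparing IsSoftDeleted as the text "True"/"False" is an assumption.

```python
# Added example modelling the Step 6 mappings; not Pirros or Microsoft code.
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
MAPPED_SOURCE_ATTRS = ("userPrincipalName", "mail", "givenName", "surname")

# Constructed sample directory records (not real accounts).
SAMPLE_USERS = [
    {"userPrincipalName": "ana@architech.com", "mail": "ana@architech.com",
     "givenName": "Ana", "surname": "Lee", "IsSoftDeleted": False},
    {"userPrincipalName": "raj@architech.com", "mail": "raj@architech.com",
     "givenName": "Raj", "surname": "Shah", "IsSoftDeleted": True},
    {"userPrincipalName": "svc@architech.com", "mail": None,
     "givenName": "Svc", "surname": "", "IsSoftDeleted": False},
]


def switch(source, default, *pairs):
    """Switch(source, default, key1, value1, ...): value of the matching key."""
    if len(pairs) % 2:
        raise ValueError("keys and values must come in pairs")
    for key, value in zip(pairs[0::2], pairs[1::2]):
        if source == key:
            return value
    return default


def to_scim_user(user):
    """Build the SCIM User resource the Step 6 mappings describe."""
    # Assumption: IsSoftDeleted is compared as the text "True" or "False".
    soft_deleted = "True" if user.get("IsSoftDeleted") else "False"
    active = switch(soft_deleted, "", "True", "False", "False", "True")
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": user.get("userPrincipalName"),
        "active": active == "True",  # SCIM types "active" as a boolean
        "emails": [{"type": "work", "value": user.get("mail")}],
        "name": {"givenName": user.get("givenName"),
                 "familyName": user.get("surname")},
    }


def mapping_gaps(user):
    """Source attributes used by the mappings that are empty for this user."""
    return [attr for attr in MAPPED_SOURCE_ATTRS if not user.get(attr)]


if __name__ == "__main__":
    for record in SAMPLE_USERS:
        scim = to_scim_user(record)
        print(scim["userName"], "active =", scim["active"],
              "missing:", mapping_gaps(record))
```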







