Articles in this section

See more

Assure SSO - SAML Configuration

  • Updated

This article describes how to configure Single Sign-On (SSO) (an authentication method that allows a user to log in once to access multiple applications) for Assure using the SAML 2.0 (Security Assertion Markup Language 2.0, an open standard for exchanging authentication and authorisation data between an identity provider and a service provider) protocol via Azure Active Directory (Azure AD) Enterprise Applications.

The configuration involves creating a non-gallery enterprise application in Azure AD, entering the Identifier (Entity ID) (a unique identifier used to represent a SAML entity in a SAML configuration) and the Reply URL / Assertion Consumer Service (ACS) URL (the specific endpoint where the identity provider sends the authentication response after a user has been authenticated), and providing the App Federation Metadata URL (a URL pointing to a metadata document containing configuration details required to establish trust and enable SAML SSO between an identity provider and a service provider) to the Evotix implementation consultant.

An optional step covers how to add an attribute statement for customers who want users to launch Assure directly from the Azure MyApps portal.

Audience: IT Administrators and Evotix Implementation Consultants configuring SAML-based SSO for any Assure stack (UK, UK2, NA, ANZ, etc.).

Assure SSO - SAML Configuration

  1. In Enterprise Applications click New application
  2. Click Create your own application > Type in a name for the application > Select Integrate any other application you don't find in the gallery (Non-gallery) > Create
  3. Click Single sign-on > SAML > Edit Basic SAML Configuration
  4. Enter the details as below, then click Save:
Identifier (Entity ID) (a unique identifier used to represent the Assure application in the SAML configuration): https://ids.<STACK>.sheassure.net/saml-<CUSTOMERKEY>
Reply URL (Assertion Consumer Service URL) (the endpoint where Azure AD sends the authentication response after a user successfully authenticates): https://ids.<STACK>.sheassure.net/core/saml-<CUSTOMERKEY>/signin
Replace <STACK> with your hosting region (for example: uk, uk2, na, anz). Replace <CUSTOMERKEY> with your Customer Key (the unique suffix of the customer Assure link, found after the forward slash in your Assure URL), provided by your Evotix Project Manager or Customer Support Analyst.
  1. (Optional) If users will be launching Assure from the MyApps portal, edit Attributes & Claims > click Add a new claim > enter the following details, then save:
    • Name = tenant
    • Source attribute = type in your customer key and select it as a constant
  2. Copy the App Federation Metadata URL (the URL pointing to a metadata document containing configuration details required to enable SAML SSO between Azure AD and Assure) and send to your Evotix Implementation Consultant.

AI Metadata

  • Product Area: Authentication, System Configuration, SSO
  • User Role: IT Administrator, Evotix Implementation Consultant, Customer Success Manager (CSM)
  • Tags: SSO, Single Sign-On, SAML, SAML 2.0, Azure AD, Enterprise Applications, ACS URL, Entity ID, App Federation Metadata URL, Customer Key, MyApps, non-gallery app, identity provider, Assure authentication
  • Version/Region: All Assure stacks (UK, UK2, NA, ANZ). Replace <STACK> and <CUSTOMERKEY> with region-specific values. This is a provider-side configuration article; the steps are performed in Azure AD and apply to any Assure hosting region.
  • Important synonyms: SAML / SAML 2.0 / Security Assertion Markup Language, Entity ID / Identifier / Audience URI, ACS URL / Reply URL / Assertion Consumer Service URL, App Federation Metadata URL / SAML Metadata URL / Federation Metadata endpoint, Customer Key / Site Name / Tenant Key, MyApps / Microsoft MyApps portal / Azure App Launcher
  • Suggested embedding keywords: Assure SAML SSO setup, SAML 2.0 Azure AD Assure, configure SSO SAML Assure, Entity ID Assure SAML, ACS URL Assure SSO, App Federation Metadata URL Assure, non-gallery application Azure SSO, MyApps portal Assure tenant attribute, Assure SSO identity provider configuration, SAML enterprise application Assure
  • Relevant modules and cross-module implications: This article is scoped entirely to authentication configuration performed in Azure AD. SSO configuration applies globally across all Assure modules and AssureGO+, as access to the entire Assure platform is gated through the Identity Server (ID6) login flow. No individual module is configured as part of this process. For stack-specific URL values, refer to the corresponding Azure AD Configuration Guide articles (UK, UK2, NA, ANZ).
Return to top

Related articles