This article is specific to using Microsoft Entra for SAML SSO and explains how to configure Microsoft Entra and Gearset to work together. It should be read alongside the general SAML SSO documentation.

Note: SAML SSO is only supported on the Deployment Enterprise and Data Backup Enterprise tiers. SAML user accounts are new, distinct accounts and cannot be linked to old accounts e.g. Google, Salesforce. Connections, jobs and other settings will need to be recreated.

(If you already have a suitable application set up, skip to the next section)

Go to Microsoft Entra admin center -> Enterprise applications -> New application

Click on Create your own application, enter a name for the application (for example "Gearset SSO"), select Integrate any other application you don't find in the gallery and then click Create.

Once the application is created, select Single sign-on and SAML.

This will leave you at the SAML configuration screen:

At this point, also open the Single sign-on page in Gearset in a separate tab.

In section 1 (Basic SAML configuration):

In section 2 (Attributes & Claims):

Still in Microsoft Entra, click the Edit button in section 3 (SAML Certificates) and download the certificate in Base64 format.

In the Gearset Single sign-on page, locate the Identity Provider section. Copy and paste the contents of the downloaded certificate file into the Active Signing Certificate text box.

Finally, in the same section:

Save changes in both Microsoft Entra and Gearset. You should now be able to assign users to the Microsoft Entra application and sign in to Gearset with these users.