This article is specific to using Microsoft Entra for SAML SSO and explains how to configure Microsoft Entra and Gearset to work together. It should be read alongside the general SAML SSO documentation.
Note: SAML SSO is only supported on the Deployment Enterprise and Data Backup Enterprise tiers. SAML user accounts are new, distinct accounts and cannot be linked to old accounts e.g. Google, Salesforce. Connections, jobs and other settings will need to be recreated.
Create an application for Gearset SSO in Microsoft Entra
(If you already have a suitable application set up, skip to the next section)
Go to Microsoft Entra admin center -> Enterprise applications -> New application
Click on Create your own application, enter a name for the application (for example "Gearset SSO"), select Integrate any other application you don't find in the gallery and then click Create.
Once the application is created, select Single sign-on and SAML.
This will leave you at the SAML configuration screen:
Configure the Microsoft Entra application
At this point, also open the Single sign-on page in Gearset in a separate tab.
In section 1 (Basic SAML configuration):
Set Identifier (Entity ID) to Gearset's Entity ID
Set Reply URL (Assertion Consumer Service URL) to Gearset's Assertion Consumer Service (ACS) URL
In section 2 (Attributes & Claims):
Add a claim with name mobilephone, namespace http://schemas.xmlsoap.org/ws/2005/05/identity/claims and source attribute user.mobilephone.
Add a claim with name urn:gearset:display_name and source attribute user.displayname.
Configure Gearset single sign-on
Still in Microsoft Entra, click the Edit button in section 3 (SAML Certificates) and download the certificate in Base64 format.
In the Gearset Single sign-on page, locate the Identity Provider section. Copy and paste the contents of the downloaded certificate file into the Active Signing Certificate text box.
Finally, in the same section:
Set Issuer ID to the Microsoft Entra application's Microsoft Entra ID Identifier
Set Identity Provider Single sign-on URL to the Microsoft Entra application's Login URL
Save changes in both Microsoft Entra and Gearset. You should now be able to assign users to the Microsoft Entra application and sign in to Gearset with these users.