Entra ID

Configure SAML 2.0 SSO and SCIM provisioning for Natoma using Microsoft Entra (formerly Azure AD).

SAML 2.0 SSO Setup

Prerequisites

Before configuring SAML 2.0, ensure you have admin access to both the Microsoft Entra admin center and your Natoma instance with Admin permissions.

Supported Features

  • SP-initiated SSO (Single Sign-On)

  • IdP-initiated SSO

  • Just-In-Time provisioning

Attribute Statements

In Entra ID the following SAML claim must be added:

Name   | Value
email  | user.mail

Set the claim Name to email, leave the Source as Attribute, select user.mail from the Source attribute dropdown, and save.

Setup Instructions

Enable SAML in Natoma

  1. In Natoma, navigate to Admin Settings and toggle SAML 2.0 on.

  2. Ensure the following two toggles are disabled:

    • Request signed Assertions from the IdP? — Disabled

    • Request signed Authentication Response from the IdP? — Disabled

Create the Application in Entra

  1. Navigate to Enterprise Applications > Add a new application > Create your own Application.

  2. Name your application, select Integrate any other application you don't find in the gallery (Non-gallery), and save.

Configure Single Sign-On

  1. Navigate to Single sign-on in the left-hand nav of the app and select SAML.

  2. Edit the Basic SAML Configuration and copy & paste the values from Natoma into the appropriate fields.

Configure Attribute Claims

  1. Edit the Attributes & Claims section and click Add new claim.

  2. Set the Name to email, leave Source as Attribute, and select user.mail from the Source attribute dropdown.

  3. Save the claim.

Copy Metadata URL to Natoma

  1. Navigate back to the SAML-based Sign-on screen using the breadcrumbs at the top.

  2. Copy the Metadata URL from the SAML Certificates section.

  3. Paste the Metadata URL into Natoma.

  4. Ensure both toggles remain disabled (as set under Enable SAML in Natoma above).

Test and Save

Click Test Connection and Save. This will log you out and back in via SAML.
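If the test sign-in completes but Natoma cannot match the user, one check is to decode the base64 SAMLResponse that Entra posts to Natoma and confirm that a claim named exactly email (not a schema URI) is present with a non-empty value. The following Python script is an added example, not part of Natoma's or Microsoft's documentation; the SAML response, the tenant id in its issuer and the address it carries are constructed samples, and the second variant reproduces the case where the claim kept a namespaced URI name instead of the bare name email.

```python
import base64
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces used by the Response and Assertion elements.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample response: the 'email' claim named as this page instructs
# (Name="email", value from user.mail); the issuer tenant id is a placeholder.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://sts.windows.net/EXAMPLE-TENANT-ID/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:AttributeStatement>
      <saml:Attribute Name="email">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()

# Constructed misconfiguration: the claim kept a namespaced URI name instead of
# the bare name 'email', so the service provider cannot find it.
MISNAMED_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.replace(
    'Name="email"',
    'Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"',
).encode()).decode()

def extract_attributes(saml_response_b64: str) -> dict:
    """Decode a base64 SAMLResponse and return {attribute name: [values]}."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return attrs

def check_email_claim(saml_response_b64: str) -> tuple:
    """(True, address) if a non-empty claim named exactly 'email' exists, else (False, reason)."""
    attrs = extract_attributes(saml_response_b64)
    if "email" not in attrs:
        return False, "no claim named 'email'; attributes sent: " + ", ".join(sorted(attrs))
    values = [v for v in attrs["email"] if v.strip()]
    if not values:
        return False, "'email' claim is present but empty; check that user.mail is populated"
    return True, values[0]
```

The reason string in the failing case lists the attribute names Entra actually sent, which is usually enough to spot a claim that was left with its default URI name or an account whose mail attribute is blank.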


SCIM Provisioning Setup

SCIM (System for Cross-domain Identity Management) enables continuous synchronization of users between Microsoft Entra and Natoma, providing automated user lifecycle management.

Prerequisites

SAML SSO must be fully configured and tested before enabling SCIM provisioning.

Supported Features

  • Create users

  • Update user attributes

  • Deactivate users

Setup Instructions

Enable SCIM in Natoma

  1. In the Natoma Admin Console, navigate to Admin > SSO.

  2. Toggle on the SCIM Integration option.

  3. Click Generate Token, then immediately copy the token.

Configure Provisioning in Entra

  1. Back in the Entra admin center, go to the Provisioning menu within your SAML app.

  2. Click Connect your application.

  3. Copy and paste the SCIM URL and Token from Natoma into Entra.

  4. Click Test Connection to verify the credentials.

Save Configuration in Natoma

After a successful test in Entra, navigate back to Natoma and click Save.
