Microsoft Entra ID (Formerly Azure AD)

Updated by Alek Ohanian

Create & Configure an app in Entra ID

Throughout this document, <YourBlueprintURL> refers to the URL of your Blueprint site (e.g., https://demo.blueprintcloud.com).

For Blueprint Cloud customers, your Blueprint URL would have been provided to you by a customer support or account representative.

Create the app

  1. Navigate to the Microsoft Entra Admin Center (https://entra.microsoft.com)
  2. Browse to Identity > Applications > Enterprise applications > All applications
  3. Select New Application
  4. Select Create Your Own Application
  5. Name your app (e.g., “Blueprint SSO”)
  6. Select the radio button for Integrate any other application you don't find in the gallery (Non-gallery)
  7. Select Create

Configure the app

  1. Navigate to Single Sign-On
  2. Select SAML
  3. Edit Basic SAML Configuration and populate the fields as follows:
    1. For SP-initiated SSO
      1. Identifier (Entity ID): <YourBlueprintURL>/Login/SAMLHandler.ashx
      2. Reply URL (Assertion Consumer Service URL): <YourBlueprintURL>/Login/SAMLHandler.ashx
      3. Sign on URL: <YourBlueprintURL>/index.html
      4. Relay State and Logout URL are not required and can be left blank.
    2. For SP & IdP-initiated SSO
      1. Identifier (Entity ID): <YourBlueprintURL>/Login/SAMLHandler.ashx/?host=https%3A%2F%2F<YourBlueprintURL>
      2. Reply URL (Assertion Consumer Service URL): <YourBlueprintURL>/Login/SAMLHandler.ashx
      3. Sign on URL: <YourBlueprintURL>/index.html
      4. Relay State and Logout URL are not required and can be left blank.
  4. Download the Federated Metadata XML file from the SAML Certificates section.

Depending on your corporate IT policies and the Enterprise Application’s Assignment Required setting, you may need to assign users or groups to the application before they can sign in. Refer to Microsoft’s documentation for more information:
- Properties of an enterprise application
- Manage users and groups assignment to an application
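
Because Blueprint auto-fills its federation settings from the metadata file downloaded from the SAML Certificates section, it is worth inspecting that file before uploading it. The following is an added example, not part of Blueprint's or Microsoft's tooling: it lists the entity ID, the sign-in endpoints and a SHA-256 fingerprint of each signing certificate, and flags endpoints that are not HTTPS or not on an expected host. The function name, the allowed-host default and the sample metadata are assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample shaped like IdP metadata; the tenant ID and certificate
# body are placeholders, not values from a real tenant.
SAMPLE_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{cert}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>""".format(cert=base64.b64encode(b"CONSTRUCTED-PLACEHOLDER-CERT").decode())


# allowed_sso_hosts is an assumption (public-cloud sign-in host); pass your own.
def inspect_idp_metadata(xml_text, allowed_sso_hosts=("login.microsoftonline.com",)):
    """Summarise SAML IdP metadata and list anything worth a second look."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations do not belong in SAML metadata")
    root = ET.fromstring(xml_text.encode("utf-8"))
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not identity-provider metadata")
    prints = []
    for kd in idp.findall(MD + "KeyDescriptor"):
        if kd.get("use") in (None, "signing"):  # no 'use' means any purpose
            for cert in kd.iter(DS + "X509Certificate"):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.append(hashlib.sha256(der).hexdigest())
    endpoints = [s.get("Location", "") for s in idp.findall(MD + "SingleSignOnService")]
    problems = [msg for bad, msg in (
        (not root.get("entityID"), "missing entityID"),
        (not prints, "no signing certificate"),
        (not endpoints, "no SingleSignOnService endpoint")) if bad]
    for url in endpoints:
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname not in allowed_sso_hosts:
            problems.append("unexpected sign-in endpoint: " + url)
    return {"entity_id": root.get("entityID"), "sso_endpoints": endpoints,
            "signing_cert_sha256": prints, "problems": problems}
```

An empty `problems` list means the file has the expected shape; it does not replace confirming that the file came from your own tenant.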

Configure Blueprint

  1. Log in to your Blueprint site
  2. Launch the Admin Portal
    1. For older versions of Blueprint, you can do so by clicking the cog icon in the top-right corner
    2. For newer versions of Blueprint, you can do so by clicking the three-line app menu in the top-left corner and selecting Admin Portal
  3. Navigate to Instance > Advanced Settings > Federated Authentication Settings
  4. Check the Enable Federated Authentication checkbox
  5. Select Auto-Fill With SAML Metadata and upload the XML file you downloaded in Step 4 from the previous section
  6. Modify the following fields in the Login Settings section:
    1. Logout URL: Enter your Blueprint URL (e.g., https://demo.blueprintcloud.com)
    2. Login Prompt Value: Enter the text you want to display below the Login button on Blueprint’s login page directing your users to log in with SSO. For example, you can enter “Login with Microsoft Entra ID”. Users will need to click this link to trigger SP-initiated SSO.
    3. Attribute Claim Rule Name: Enter “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name” (without quotation marks) to use Entra ID’s default claim for User Principal Name (the end user’s email address).

Create Blueprint Users

Once configuration is complete, an individual's username must be set to their Microsoft 365 email address to ensure that their User Principal Name and Blueprint username match.

For instructions on creating and editing users, refer to the relevant documentation.

