Federated Authentication Settings

Updated by Alek Ohanian

Create & Configure App in Entra ID

(Formerly Azure AD)

Throughout this document, <YourBlueprintURL> refers to the URL of your Blueprint site (e.g., https://demo.blueprintcloud.com).

For Blueprint Cloud customers, your Blueprint URL would have been provided to you by Support or your Customer Success Manager.

Create the App

  1. Navigate to the Microsoft Entra Admin Center (https://entra.microsoft.com)
  2. Browse to Identity -> Applications -> Enterprise applications -> All applications
  3. Select New Application
  4. Select Create Your Own Application
  5. Name your app (e.g., “Blueprint SSO”)
  6. Select the radio button for Integrate any other application you don't find in the gallery (Non-gallery)
  7. Select Create

Configure the App

  1. Navigate to Single Sign-On
  2. Select SAML
  3. Edit Basic SAML Configuration and populate the fields as follows:
    1. For SP-initiated SSO
      1. Identifier (Entity ID): <YourBlueprintURL>/Login/SAMLHandler.ashx
      2. Reply URL (Assertion Consumer Service URL): <YourBlueprintURL>/Login/SAMLHandler.ashx
      3. Sign on URL: <YourBlueprintURL>/index.html
      4. Relay State and Logout URL are not required and can be left blank.
    2. For SP & IdP-initiated SSO
      1. Identifier (Entity ID): <YourBlueprintURL>/Login/SAMLHandler.ashx/?host=https%3A%2F%2F<YourBlueprintURL>
      2. Reply URL (Assertion Consumer Service URL): <YourBlueprintURL>/Login/SAMLHandler.ashx
      3. Sign on URL: <YourBlueprintURL>/index.html
      4. Relay State and Logout URL are not required and can be left blank.
  4. Download the Federated Metadata XML file from the SAML Certificates section.

Depending on your corporate IT policies and the Enterprise Application’s Assignment Required setting, you may need to assign users or groups to the application before they can sign in.

Refer to Microsoft’s documentation for more information:
- Properties of an enterprise application
- Manage users and groups assignment to an application

Configure Blueprint

  1. From Settings, expand Advanced Settings and select Federated Authentication Settings
     For information on how to access Blueprint Settings, see About Blueprint Settings.
  2. Check the Enable Federated Authentication checkbox
  3. Click the Auto-Fill With SAML Metadata button and upload the XML file you downloaded in Step 4 from the previous section
  4. Modify the following fields in the Login Settings section:
    1. Logout URL: Enter your Blueprint URL (e.g., https://demo.blueprintcloud.com)
    2. Login Prompt Value: Enter the text you want to display below the Login button on Blueprint’s login page directing your users to log in with SSO. For example, you can enter “Login with Microsoft Entra ID”. Users will need to click this link to trigger SP-initiated SSO.
    3. Attribute Claim Rule Name: Enter “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name” (without quotation marks) to use Entra ID’s default claim for User Principal Name (the end user’s email address).

Create Blueprint Users

Once configuration is complete, an individual's username must be set to their Microsoft 365 email address to ensure that their User Principal Name and Blueprint username match.

For more information on creating and managing Blueprint users, see Creating and Managing Users.

