Microsoft Entra ID SSO Setup Guide (Formerly Azure AD)

This article will help guide you with setting up SSO with Formstack via Microsoft Entra ID.

Note - Formstack is IdP agnostic and most of the settings in this article are related to a Microsoft centric set up which are not managed, nor maintained by Formstack. If you have issues within Entra ID for your set up, please refer to  - Microsoft's help documentation around SSO applications. 

Add new application for Single Sign-On (SSO) in Microsoft Entra ID (Formerly Azure AD)

Step 1: Log in to Azure. The url should point to https://portal.azure.com/#home

Step 2: Navigate to the Microsoft Entra ID service. You can search for "Microsoft Entra ID" in the search box at the top of the page.

Step 3: In the left-hand panel, navigate to Enterprise Applications. From there, select All Applications.

Step 4: Click New Application to add a new application.

Step 5: In the Add from the Gallery section, search for “Microsoft Entra SAML Toolkit” and add it. Make sure to give your application a name.        

Add SSO users to app 

Once the application you added loads, you are ready to go through the following Getting Started steps:

Step 1: Assign users and groups. Click + Add User.

• You will need to add all users you want to be able to login to Formstack via SSO.

Create New Auth Provider in Formstack

Navigate to the Authentication section of your Formstack and Add New Auth Provider. 

Step 1: Please reference this article on how to set up an SSO application within Formstack.

Step 2: The easiest way to import the application meta data from the app you have created in Entra ID is to download the Federation Metadata XML from the app settings and import it into the Identity provider settings within Formstack.

Complete SSO configuration in Microsoft Entra ID

Step 1:  Copy and paste the following newly created URLs back into Entra ID “Basic SAML Configuration” box

• Entity ID -> Identifier
• ACS URL -> Reply URL
• Use this as the Sign-on URL: https://www.formstack.com/admin/dashboard. Click save.

Step 2 : Navigate to User Attributes & Claims. Verify the Unique User Identifier to be the user’s email address. This should be the default setting and you can check by clicking edit in the Attributes and Claims box and hovering over the "Unique User Identifier (Name ID)" label. It will show you what it is.

 mapped to.

Step 3 : Once saved, your set up will be complete and you can then proceed with testing your app by clicking the "Test" button within the "Test single sign-on with Formstack SAML" step in setup.