How to set up Single Sign-On with Microsoft Entra ID
This guide walks you through the steps required to configure Microsoft Entra ID (previously known as Microsoft Azure AD) as the identity provider (IdP) for LUY.
Please note that even with active support contracts, support is only available for LUY itself and does not cover external systems or third-party setups.
Set up an Enterprise Application for LUY in Entra ID
Go to "Dashboard"
Click on "Enterprise applications"
To add the LUY app to your tenant, select “New application”
Choose the option "Non-gallery application"
Please enter a name for your "Application" (for example "LUY-SAML")
Click on "ADD"
The "Properties" page of the created "Application" opens
The next step is to add all necessary information to the “Enterprise Application”.
Open the page "Manage" - "Properties"
Copy the value from the field "Application ID"
Open the page "Manage" - "Single sign-on"
Click on "SAML"
Edit the Basic SAML Configuration:
Enter a title for the "Identifier (Entity ID)" (The name for our example is "LUY-SAML")
The "Reply URL (Assertion Consumer Service URL)" is the URL of LUY with the addition "/saml/SSO" (The "Reply URL" for our example is "https://cloud.luy.app/saml/SSO")
The "Sign on URL" is the URL of LUY without the "/" at the end (The "Sign on URL" for our example is "https://cloud.luy.app")
The "Relay State" is optional and stays empty
The "Logout URL" is the URL of LUY with the addition "/saml/SingleLogout" (The "URL" for our example is "https://cloud.luy.app/saml/SingleLogout").
Edit the user attributes & claims:
For LUY, the required attributes are "Mail", "Given Name", "Surname", "Login", and "Role". Usually, only the "Role" attribute is missing in the "Attributes & Claims" setup. This is resolved by adding the attribute "Group", which corresponds to the Role in LUY.
To add the "Role" claim:
Click on "Add a group claim".
Select the "Groups" or "Roles" that correspond to LUY roles.
This will map the chosen groups or roles to the appropriate roles in LUY.
Click "SAVE" to generate the missing "Role" claim.
In our example the attribute "Mail" is used as the "Login" claim, and our configuration looks like this:
Please reach out to LUY support to complete the configuration and enable single sign-on (SSO) for your LUY.
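To confirm that a test sign-in carries the values configured above, the assertion can be checked for the Entity ID, the Reply URL and the five required claims. The following Python check is an added example, not LUY or Microsoft code; the mapping of LUY attributes to Entra claim names and the sample assertion are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
WS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
# Assumption: LUY attribute -> Entra claim name; adjust to your "Attributes & Claims" page.
REQUIRED = {"Mail": WS + "emailaddress", "Given Name": WS + "givenname",
            "Surname": WS + "surname", "Login": WS + "emailaddress", "Role": GROUPS}

def check_assertion(xml_text, entity_id, reply_url, required=REQUIRED):
    """Return a list of mismatches; an empty list means the layout is as configured.
    Layout check only: it does not verify the signature or the validity window."""
    root = ET.fromstring(xml_text)
    tag = "{%s}Assertion" % NS["saml"]
    assertion = root if root.tag == tag else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]
    problems = []
    audiences = [a.text for a in assertion.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks Entity ID {entity_id!r}")
    recipients = [d.get("Recipient") for d in
                  assertion.iterfind(".//saml:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        problems.append(f"Recipient {recipients} is not Reply URL {reply_url!r}")
    claims = {}
    for attr in assertion.iterfind(".//saml:Attribute", NS):
        claims[attr.get("Name")] = [v.text for v in
                                    attr.iterfind("saml:AttributeValue", NS) if v.text]
    for label, name in required.items():
        if not claims.get(name):
            problems.append(f"{label}: claim {name} missing or empty")
    return problems

def build_sample(claims, audience="LUY-SAML", recipient="https://cloud.luy.app/saml/SSO"):
    """Constructed, unsigned assertion for offline testing (not real IdP output)."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        "</saml:Attribute>" for n, v in claims.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{recipient}"/>'
            "</saml:SubjectConfirmation></saml:Subject><saml:Conditions>"
            f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
            "</saml:AudienceRestriction></saml:Conditions>"
            f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>")

# Constructed claims without a group claim: the usual gap described above.
BASE = {WS + "emailaddress": "jane@example.com", WS + "givenname": "Jane", WS + "surname": "Doe"}

if __name__ == "__main__":
    for problem in check_assertion(build_sample(BASE), "LUY-SAML", "https://cloud.luy.app/saml/SSO"):
        print(problem)
```

With the constructed sample, the only reported problem is the missing "Role" claim, which disappears once a group claim is present.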
Configure LUY to use SAML2
To complete the configuration and enable single sign-on (SSO) for your LUY, please refer to the following page: SAML2