Note: Single Sign-On is available for Kaiterra Subscription users only. If you are not a Kaiterra Subscription user and require SSO, please contact your sales representative for more information.
This guide will walk you through the process of configuring Single Sign-On (SSO) between your Kaiterra account and Microsoft Entra ID (formerly Azure Active Directory).
Prerequisites
Before you start, make sure you have:
- A Kaiterra Data Platform account with administrator privileges.
- A Microsoft Entra ID account.
- An Administrator role (such as Application Administrator or Cloud Application Administrator) in Microsoft Entra ID.
Step 1: Prepare Kaiterra
You will need to copy information from the Kaiterra Data Platform into the Microsoft Entra admin center, and vice versa. It's best to have both open in separate browser tabs.
- Sign in to the Kaiterra Data Platform.
- Navigate to your Organization Settings and open the SSO tab.
- Keep this page open. You will need the values listed here shortly.
Note: If you do not see an SSO tab, this feature may not be included in your current subscription plan. Please contact your Kaiterra Sales Representative for more information.
Step 2: Configure Microsoft Entra ID
Follow these steps to create and configure a new application in the Entra admin center.
- Go to the Microsoft Entra admin center and sign in with your administrator credentials.
- In the left-hand navigation pane, go to Identity > Applications > Enterprise applications.
- Click + New application.
- Click the + Create your own application button at the top of the gallery.
- A new pane will appear.
  - Give your application a name (e.g., "Kaiterra SSO").
  - Ensure the option "Integrate any other application you don't find in the gallery (Non-gallery)" is selected.
  - Click Create.
- Once the application is created, you will be taken to its overview page. In the left menu under the "Manage" section, click on Single sign-on.
- Select SAML as the single sign-on method.
- On the "Set up Single Sign-On with SAML" page, find the Basic SAML Configuration section and click the Edit button (pencil icon).
  - Identifier (Entity ID): Click + Add identifier. Copy the Service Provider Issuer value from your Kaiterra SSO tab and paste it here.
  - Reply URL (Assertion Consumer Service URL): Click + Add reply URL. Copy the Service Provider URL value from your Kaiterra SSO tab and paste it here.
  - Leave the other fields blank.
  - Click Save at the top of the pane.
- Next, find the Attributes & Claims section and click Edit.
  - Click on the claim named Unique User Identifier (Name ID).
  - Change the Source attribute from user.userprincipalname to user.mail. This ensures that users are identified by their email address.
  - Click Save.
- Close the "Attributes & Claims" pane to return to the main SAML setup page.
Step 3: Configure Kaiterra
Now, you'll take the information from Entra ID and add it to your Kaiterra settings.
- On the "Set up Single Sign-On with SAML" page in Microsoft Entra, find the section titled SAML Certificates.
- Next to Certificate (Base64), click Download. This will save the certificate file to your computer. Open this file with a plain text editor (like Notepad or TextEdit) and copy the entire block of text.
- In the section titled Set up Kaiterra SSO (or similar name), you will find the URLs needed for the next steps.
- Go back to your Kaiterra SSO settings tab and fill in the following fields:
  - Identity Provider URL: Copy the Login URL from your Entra ID settings and paste it here.
  - Identity Provider Issuer: Copy the Microsoft Entra Identifier from your Entra ID settings and paste it here.
  - Identity Provider Certificate: Paste the certificate text you copied from the downloaded Base64 file.
- Make sure the options Sign Auth Request and Login with SSO only are unchecked for now. You can enable "Login with SSO only" later, after you have confirmed everything works correctly.
- Click Save.
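A pre-flight check for the three values pasted in Step 3, as an added example (not Kaiterra or Microsoft code). The function name, the sample URLs and the sample certificate bytes are constructed for illustration; the check is structural only and does not validate the X.509 contents.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

# Constructed sample: placeholder bytes behind a DER SEQUENCE tag, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed bytes, not a real certificate " * 4
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def check_idp_settings(idp_url, idp_issuer, cert_text):
    """Return (problems, sha256_hex) for the values entered in the Kaiterra SSO tab."""
    problems = []
    url = urlparse(idp_url.strip())
    if url.scheme != "https" or not url.netloc:
        problems.append("Identity Provider URL must be an absolute https:// URL")
    if not idp_issuer.strip():
        problems.append("Identity Provider Issuer is empty")
    if "PRIVATE KEY" in cert_text:
        problems.append("pasted text contains a private key; paste the certificate only")
    blocks = PEM_BLOCK.findall(cert_text)
    if len(blocks) != 1:
        # Zero blocks usually means the BEGIN or END line was cut off while copying.
        problems.append(f"expected exactly one certificate block, found {len(blocks)}")
        return problems, None
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError:
        problems.append("certificate body is not valid Base64 (truncated copy?)")
        return problems, None
    if der[:1] != b"\x30":
        problems.append("decoded data does not start with a DER SEQUENCE")
    # Fingerprint of the pasted certificate, for comparison with the downloaded file.
    return problems, hashlib.sha256(der).hexdigest()

if __name__ == "__main__":
    # Constructed placeholder URLs; use the Login URL and Microsoft Entra Identifier from Entra.
    found, fingerprint = check_idp_settings(
        "https://idp.example.com/saml2", "https://idp.example.com/", SAMPLE_PEM)
    print(found or "no problems found", fingerprint)
```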
Step 4: Test SSO
To test if SSO is working correctly, follow these steps:
- Open a new private browsing window (Incognito, InPrivate, etc.).
- Navigate to the Kaiterra sign-in page.
- You should be redirected to the Microsoft sign-in page. Enter your credentials.
- After successful authentication, you should be redirected back to the Kaiterra Data Platform, where you will be logged in.
If the test is successful, you can return to the Kaiterra SSO settings and check the "Login with SSO only" box to enforce SSO for all users in your organization.