MS Azure AD SAML

This feature is available to Enterprise customers.

The following manual configuration creates a SAML SSO configuration for your Enterprise organization.

Prerequisites

  • Owner role in an Enterprise organization
  • Administrative access to your organization's Microsoft Azure AD portal

Supported features

This configuration supports the following:

  • Service provider initiated SSO
  • Single Log Out [optional]

Configuration steps

Before configuring SSO, you need to assign a namespace and download your service provider certificate in Make. These steps provide information you need to enter later.

Create your namespace in Make

1. Click Organization in the left sidebar.
2. Click the SSO tab.
3. Under Namespace, enter the namespace you want for your organization. For example, acme_corp. Your organization members enter this namespace when they log in via SSO.
4. Under SSO type, select SAML 2.0.
5. Copy the Redirect URL and save it in a safe place. You will use this later when you create your SAML integration in the Microsoft Azure AD portal.

Create a SAML application in the MS Azure portal

1. Log in to the Microsoft Azure portal and navigate to the Azure Active Directory.
2. In the left navigation, click Enterprise applications.
3. Click + New Application.
4. Click + Create your own application.
5. Enter a name for your app and select Integrate any other application you don't find in the gallery.
6. Click Create.
7. In the left navigation, click Single Sign-on.
8. Click SAML.
9. Configure your Basic SAML settings using the Redirect URL (https://www.make.com/sso/saml/{namespace}) that you copied in the steps above.

| Field | Value |
| --- | --- |
| Entity ID | https://www.make.com/sso/saml/{namespace}/metadata.xml |
| Reply URL | https://www.make.com/sso/saml/{namespace} |
| Logout URL | https://www.make.com/sso/saml/{namespace} |

10. In the Attributes & Claims section, click Edit to rename your attributes.
11. Under Additional claims, find the value you want to edit and click that row.
12. Enter the new name in the Name field. Use the following chart to find the names required for your IML resolve.

| Field | Value |
| --- | --- |
| email | user.mail |
| name | user.displayname |
| id | user.userprincipalname |
| Unique User Identifier | user.userprincipalname |

13. Click Save.
14. Copy the Login URL and save it in a safe place.


Download the SAML certificate

You need to download the Base64 SAML certificate from Microsoft Azure and upload it to the Identity Provider Certificate field of the SSO tab in your organization.

1. Find the SAML Certificates section of your single sign-on settings in the Microsoft Azure portal.
2. Next to Certificate (Base64), click Download.

Your browser automatically downloads the .cer file.

Update the SSO in Make

1. Click Organization in the left sidebar.
2. Click the SSO tab.
3. Under Identity Provider Certificate, click Extract. A pop-up appears.
4. Under P12, PFX or PEM file, click Choose file and select the .cer file you downloaded.
5. Enter the following information from MS Azure into the IdP login URL and Identity provider certificate fields.

| Field | Value to enter from MS Azure |
| --- | --- |
| IdP login URL | Login URL |
| Identity provider certificate | Certificate (Base64) |

6. Enter the following in the Login IML resolve field:

JS

7. Select the following settings:

| Field | Value |
| --- | --- |
| Allow Unencrypted Assertions | Yes |
| Allow Unsigned Responses | No |
| Sign Requests | Yes |

8. Click Save.

You will receive an email with the subject "Activation complete: SSO ready for your organization" upon successful activation. If you encounter any issues while logging in using SSO, disable SSO using the "one-time link" (valid for 24 hours).
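When an SSO login fails after activation, one way to check the Azure side is to decode the SAMLResponse form value from your own login attempt and compare it with the Basic SAML values and attribute names configured above. The following Python script is an added example, not code from Make or Microsoft; the function name, the constructed sample response, and the assumption that a claim with a non-empty Namespace arrives as "<namespace>/<name>" are illustrative.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "name", "id")  # attribute names from the chart in step 12


def check_response(b64_response, namespace):
    """Diagnostic only: lists mismatches, does NOT verify the signature."""
    reply_url = f"https://www.make.com/sso/saml/{namespace}"
    entity_id = reply_url + "/metadata.xml"
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != reply_url:
        problems.append(f"Destination {root.get('Destination')!r} != Reply URL")
    if entity_id not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append("Audience does not contain the Entity ID")
    attrs = {a.get("Name", ""): a.findtext("saml:AttributeValue", "", NS)
             for a in root.iterfind(".//saml:Attribute", NS)}
    for want in REQUIRED:
        if attrs.get(want):
            continue
        # Assumption: a claim whose Namespace field is still set arrives as
        # "<namespace>/<name>", so the short name is not found.
        prefixed = [n for n in attrs if n.endswith("/" + want)]
        hint = f" (sent as {prefixed[0]!r})" if prefixed else ""
        problems.append(f"attribute {want!r} missing or empty{hint}")
    return problems


# Constructed sample, not a captured response: "email" kept a namespace prefix.
SAMPLE = base64.b64encode(b"""<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://www.make.com/sso/saml/acme_corp">
 <saml:Assertion><saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://www.make.com/sso/saml/acme_corp/metadata.xml</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email">
   <saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="name"><saml:AttributeValue>Ada Example</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="id"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>""")

if __name__ == "__main__":
    for problem in check_response(SAMPLE, "acme_corp"):
        print(problem)
```

An empty result means the response matches the configuration on this page; it says nothing about whether the signature is valid, which Make checks against the uploaded certificate.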



Service Provider initiated SSO

1. Go to make.com.
2. Click Sign in with SSO.
3. Enter the namespace you chose for your organization.
4. Log in using your Microsoft credentials and consent to Make's access to your user data.