Configuring SSO for Microsoft Entra ID

You can integrate the Clumio service with Microsoft Entra ID (formerly Azure AD) for seamless user authentication. Follow the steps below to configure Microsoft Entra ID as a single sign-on service for Clumio.

Prerequisites

Ensure that you have the following before you start configuring Microsoft Entra ID.

• Microsoft Entra ID account with admin privileges

• Clumio account with Super Admin Role

Enable Microsoft Entra ID integration with Clumio

In Microsoft Entra ID

1. Log in to the Microsoft Azure portal, and then click Microsoft Entra ID.

   The Microsoft Entra page appears.

2. Go to Manage > Enterprise Applications.

   The Enterprise applications page appears.

3. At the top of the page, click New application.

   The Browse Microsoft Entra App Gallery page appears.

4. At the top of the page, Click Create your own application.

5. Enter a name for your application and then click Create.

6. Click Set up Single Sign-on.

   

7. Select SAML.

8. Under Basic SAML Configuration, click Edit.

   

9. Get the Audience Restriction, Reply URL (Assertion Consumer Service), and Reply URL (Default Reply) from Clumio (see Step 4 in "In Clumio", below).

10. Under Basic SAML Configuration, paste the Reply URL (Assertion Consumer Service) and Reply URL (Default Reply), as shown below. Verify that the ACS ending in /idpresponse is selected as the default.

    

11. Click Save.

12. Close Basic SAML Configuration.

13. Navigate to SAML Signing Certificate, and then copy the App Federation Metadata Url field OR download the Federation Metadata XML. This will be needed in Clumio.

    

13 Under the User Attributes and Claims section, click Edit.

1. Verify that the Required Claim maps to Email Address and the value is either user.mail or user.userprincipalname (based on your organization's use).

2. Click Save.

3. Once SSO has been activated, go back to Basic SAML Configuration, change the other ACS URL not ending in /idpresponse as the default, and then click Save. This will ensure that both IDP initiated and SP initiated logins go through successfully.

   

In Clumio

1. Log on to Clumio.

2. Navigate to Administration > Access management > Authentication (SSO/MFA).

3. Click Configure SSO.

4. Copy the Audience Restriction, Reply URL (Assertion Consumer Service), and the Reply URL (Default Reply).

   This will be needed for the IdP side setup. 

5. Scroll down and upload the metadata retrieved from the IdP. You can either use the URL, upload the metadata XML file, or configure it manually. 

6. Click Save Configuration.

7. Click Test with my Account.

   A new tab opens to test the SSO connection.

8. Click Activate SSO.

   Note

   This step is important for SSO enablement.

9. Optional: Enable the check box to send emails to notify all users of the SSO enablement.

10. Click Enable.

    Note

    • For any user to utilize Clumio login through Azure/Entra SSO, the user needs to be explicitly added in the Clumio UI (Administration > Access management > Users) and should be assigned to the Clumio SAML Application created in Azure/Entra Directory.

    • If there are two SAML signing certificates present under the SAML Certificates section when editing SAML configurations, delete the certificate that is no longer needed, as there is a known issue with Microsoft in which the metadata URL/XML file may potentially reference the undesirable certificate.