Home

Microsoft Entra ID(formerly Azure AD)-SAML2.0

eSignGlobal supports identity federation based on SAML2.0. You can integrate Microsoft Entra ID with eSignGlobal by SAML2.0 to enable single sign-on eSignGlobal for Microsoft Entra ID accounts. It is not necessary to create a CAM user for every user of the enterprise or organization.

 

Create a Microsoft Entra ID application

  1. After logging in to Azure Portal, click [display menu] on the left of the top to enter [Microsoft Entra ID].
2.png
3.png
  1. Click [Enterprise applications] in the [Manage] column on the left.
4.png
  1. Click [All applications] in the left menu bar, then click [New application].
5.png
  1. Click [Create your own application] in the top menu bar.
6.png
  1. Input the application name, select [Integrate any other application you don't find in the gallery (Non-gallery)] and create.
7.png
  1. The following page appears to indicate creating successfully.
8.png

 

Assign user access

  1. Click [Assign users and groups].
9.png
  1. Click [Add user/group].
10.png
  1. Click [None Selected] to enter the add user page.
11.png

Select the required user and confirm the selection.

12.png
  1. Click [Assign] to complete the assignment.
13.png
  1. You can view the added users in the [Users and groups].
14.png

 

Set up single sign-on

  1. Click the menu bar on the left [Single sign-on] and select [SAML] as the single sign-on method.
15.png
  1. To set up SAML single sign-on, you need to fill in the Identifier(Entity ID) and Reply URL(Assertion Consumer Service URL).
16.png
  1. Return to the eSignGlobal website, log in and install the [Single Sign-on with SAML2.0] add-on, and click [Settings] in the top menu bar.
17.png
  1. Click [Single Sign-On] in the [Security] directory on the left.
18.png
  1. Click [Add Configuration], enter [SP Identifier], and select [SSO Protocol] as SAML2.0.
19.png
  1. After the input is completed, [Audience URL] (Service Provider Entity ID) and [ACS URL] will be automatically generated. Click on the right to copy them to the Microsoft Entra ID [SAML-based Sign-on] page.
20.png
  1. Back to the Microsoft Entra ID [SAML-based Sign-on] page and click [Edit].
21.png

Fill in the copied [Audience URL] with [Identifier] (Entity ID); [ACS URL] fill in [Reply URL] (Assertion Consumer Service URL), and click [Save] above after completion.

Note:

  • [Audience URL] (service provider Entity ID) in eSignGlobal corresponds to [identifier] (Entity ID) in Microsoft Entra ID;
  • [ACS URL] in eSignGlobal corresponds to [reply URL] (assertion consumer service URL) in Microsoft Entra ID.
22.png
  1. After the save is successful, click close in the upper right corner, and the page will display the filled Identifier and Reply URL.
23.png
  1. Slide down the page to download the [Federation Metadata XML] file in [SAML Certificates].
24.png
  1. Back to the eSignGlobal [Add Configuration] page and click to upload the downloaded XML file.
25.png
  1. After the upload is successful, the [Single Sign-on URL] and [Signing Certificate] will be automatically filled in, and click [Confirm].
26.png

When the status displays [Enabled], it indicates that the SSO configuration is successful.

27.png

 

Verify SSO

  1. On the eSignGlobal official website login page, choose SSO login.
28.png
  1. Enter the workspace identifier and click [Log in].
29.png
  1. The page will redirect to Microsoft login and select the corresponding Microsoft account.
30.png
  1. Enter the email and the verification code sent to the email in the page, click [Submit], and log in to the eSignGlobal homepage.
31.png

Warning:

  • The login email address through SSO cannot be used as the platform login account of eSignGlobal.