Skip to main content
This manual provides step-by-step instructions to configure Single Sign-On (SSO) for PADS4 using Microsoft Entra ID.

Create a Microsoft Azure Enterprice Application

To configure a Microsoft Entra Identity provider, you will need to connect to Azure as an Administrator and create a new enterprise application.
  1. Go to https://portal.azure.com and sign in as an administrator.
  2. On Azure, go to the Enterprise applications page 
  3. Click on New application   Azure New Application
  4. Click on Create your own Application Azure Create Own App
  5. Fill in the information requested in the from. For example you can use PADS4 Azure Create Your Own App
  6. Click the Create button
  7. Your application is now being created.

Setup Single Sign On configuration

Now that your application has been created, you need to enable and configure single sign-on.
  • In the left menu, click on Single sign-on Azure Select SSO
  • Select SAML as Single Sign-On methode Azure Select SAML
You need to edit the basic SAML method. Click on Edit to do so. Azure SAML Step1 Edit the Basic SAML configuration. Azure SAML Basic Configuration
If your PADS4 server uses a domain other than “pads”, replace it with your actual domain name in the URL
e.g., for a domain named “domainone”, use https://pads4.mycompany.com/rdx/nds.services.authentication.integration/api/v1/domainone/Saml2/Acs).
  • Click on Save to apply the changes

Edit Attributes & Claims

  1. You need to edit the Attributes & Claims. Click on Edit to do so. Download
  2. Edit the Attributes & Claims Download

Create the Group Claim

To map Microsoft Entra groups to PADS4 roles, configure the group claim:
  1. Click Add new group claim.
  2. Select Groups assigned to the application (radio button).
  3. Choose Group ID as the source attribute.
  4. Click Save.
Azure SAML Group Claims
NameTypeValue
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressClaimuser.mail
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givennameClaimuser.givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameClaimuser.userprincipalname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surnameClaimuser.surname
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsGroup claimuser.groups

Assign users and groups

To specify which user groups can access the application, assign the appropriate user groups to it.
  1. In the left menu, select Users and groups.
  2. Click Add user/group to add a new group. Azure Add Pads4users And Groups
  3. Click Users and groups, choose the group you want to assign, and then click Select. Azure Search Group
  4. Click Assign
You can repeat this action for each user group you want to assign to the application.

Collect configuration data for the PADS4 identity provider

To create the identity provider in PADS4, gather these details from your Microsoft Entra configuration. Open the Single sign-on page and collect:
  1. App Federation Metadata URL (e.g., https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
  2. Certificate (Raw) – Click the link to download it (e.g., your-application-name.cer)
  3. Login URL (e.g., https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/saml2)
  4. Microsoft Entra Identifier (e.g., https://sts.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/)
Azure Set Up You’ll use this information later when setting up the identity provider in PADS4.

Set up the identity provider in PADS4

After creating your identity provider application, you also need to set up the corresponding identity provider in PADS4.

Create the identity provider

To create the identity provider:
  1. Log in to PADS4 and navigate to Adminstration
  2. In the left-hand menu, click Credentials.
  3. Click on Providers
  4. Click onNew and select **Identity **and Microsoft Entra Pads4select Microsft Entra

Fill in provider details

  1. Name – Enter a display name for the provider in PADS4
  2. Identifier – Enter the Microsoft Entra Identifier you collected earlier
  3. Reply URL – Enter the URL of your local PADS4 application (e.g., https://pads4.mycompany.com).
  4. Metadata URL – Enter the Microsoft Entra: App Federation Metadata URL metadata URL you collected. Pads4create Microsoft Entra Id Provider
  5. The Identifier and Assertion Consumer Service URL are filled in.

Upload certificates

  1. Provider Signing Certificate - Upload the Certificate (Raw) (.cer) file you downloaded from your Microsoft Entra identity provider configuration.
  2. PADS4 Identity Provider Certificate - Upload a certificate (.pfx) to sign SAML assertions from PADS4 to Microsoft Entra.
  3. **Password **- Enter the password for the uploaded .pfx certificate (below the certificate field). Pads4upload Certificate Entra
If you don’t need to enable SCIM provisioning, click Create to finish setting up the identity provider.

Enable SCIM Provisioning (Optional)

You can enable SCIM provisioning during identity provider creation. This feature synchronizes users between Microsoft Entra and PADS4, automatically creating, updating, or deleting users linked to the application. Once enabled, save these values for later use in your Microsoft Entra SCIM configuration:
  1. SCIM URL
  2. SCIM Access Token Pads4create Scim Provisioning
Click Create to complete the identity provider setup.

Finalizing Microsoft Entra ID set-up

  1. Log out and refresh the PADS4 Portal.
  2. The SSO Login button should now be visible.
  3. Sign in using your Microsoft Entra credentials. Pads4log In With Entra