To request an SSO setup for your workspace, please submit a ticket to LeanIX Support.
This guide explains how to configure single sign-on (SSO) with Microsoft Entra ID as an Identity Provider (IdP). Before proceeding, learn more about the general SSO configuration process. For details, see Single Sign-on (SSO).
To learn how to add a non-gallery application in Microsoft Entra ID, please refer to the Microsoft Entra ID documentation.
We do not support the single sign-out protocol for Entra ID.
Please ensure that the settings are configured according to the example below:
- Identifier (Entity ID):
- Reply URL:
When using SAML login with Microsoft Entra, you need to pass a user's first name, last name, email, and role as described in the Single sign-on (SSO) documentation page. These values are defined as SAML Token Attributes in the Relying Party Trust.
To configure the attribute mapping correctly, you need to set up custom claim rules. The following example rules help you configure your Microsoft Entra federation with LeanIX.
Follow these steps:
Configure additional claims using the following values.
Claim Name Type Value
The following image shows the target values that you need to configure. When you open the configuration page, it may show different values. For example, the first claim in the Additional claims table is initially set to givenname, but you need to change it to
For each claim, delete the Namespace value in the configuration.
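One way to confirm the claim setup before rolling SSO out is to inspect the SAML assertion from a test sign-in and check that each required attribute arrives with a value and without a namespace prefix. The following is an added example, not code from LeanIX or Microsoft; the claim names in REQUIRED are placeholders to replace with the names from the Single sign-on (SSO) documentation, and the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Placeholder claim names (assumption): substitute the names that the
# Single sign-on (SSO) documentation gives for first name, last name, email, role.
REQUIRED = ("FIRST_NAME_CLAIM", "LAST_NAME_CLAIM", "EMAIL_CLAIM", "ROLE_CLAIM")


def check_attributes(assertion_xml, required=REQUIRED):
    """Return a list of problems found in the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml.strip())
    seen = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        seen[attr.get("Name", "")] = values
    problems = []
    for name in required:
        if name in seen:
            if not any(seen[name]):
                problems.append(f"{name}: present but empty")
            continue
        # A claim whose Namespace was not deleted is emitted as <namespace>/<name>.
        prefixed = [n for n in seen if n.endswith("/" + name)]
        if prefixed:
            problems.append(f"{name}: still namespaced as {prefixed[0]}")
        else:
            problems.append(f"{name}: missing")
    return problems


# Constructed sample assertion fragment (not captured from a real tenant).
SAMPLE = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="FIRST_NAME_CLAIM"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/LAST_NAME_CLAIM"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="EMAIL_CLAIM"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

if __name__ == "__main__":
    for problem in check_attributes(SAMPLE):
        print(problem)
```

An empty result means every required attribute is present, non-empty, and emitted under its bare name.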
For customers who assign roles in Entra ID, it's necessary to create corresponding App Roles in your App Registrations.
These app roles can then be assigned to users and/or groups within the enterprise application.
Claim conditions are an option for assigning roles to Active Directory groups. Conditions are evaluated in order of appearance. In the example below, if a user belongs to the scoped groups "VIEWER" and "MEMBER", they are assigned the VIEWER permission by order of operation.
To learn how to configure the user.assignedroles values, please refer to the Entra ID documentation.