Requirements for this guide:

• Your domain and your tenant ID for the Flip App. Your contact person at Flip can provide you this information.
• You have access to the Azure portal at https://portal.azure.com.
• You are entitled to access the overview of and to register new apps at https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade.

To use Flip with your existing Azure instance, Flip must be registered as a new app. After this step, the app can be configured to use Single Sign-On (SSO). We will guide you through the individual steps in our step-by-step guide.

Registering an Enterprise application

The first step is to register a new Enterprise app in Azure. Use the search box (1) and select “Enterprise applications” (2) to go to the overview of all current registered apps.

Then simply click “Create your own application” (3). You will be forwarded to a form.

Fill out the form with the following details:

• The name of the new application (1). Use a name which enables you to identify Flip at any time. In this example, we’re simply using “Flip App SAML”.
• The intended use (2). Select “Integrate any other application …”.

Click “Create” (3) to have the new app created. The next step is identical to the steps shown for default application registrations.

Create a user to let Flip test SSO with your tenant

Please provide a test user to let Flip test the SSO process and configuration. Do ensure that testing is possible without any multifactor authentication obligations.

Switch to the user administration by searching (1) and clicking on “User” (2). Then click on “+ New user / Create new user” to open a form.

Please note: select the correct user navigation entry (blue icon).

Give the user a username that indicates their intended use (1).

Please note the user principal name and the password (2) to let Flip test the SSO configuration with your tenant.

Also ensure that the user is activated (3) and click on “Review + create” (4).

Important: Add the user to the group intended to act as the user base.

Users and Groups

Jump to your Enterprise application created for Flip (1) and select “Users and groups” in the navigation panel (2).

By clicking “+ Add user/group” you can add users and groups that should be able to log in with SSO.

Configure SSO

You will get the shown screen, where you configure the essential URLs of your Flip tenant.

Simply click on “Edit” (1) to open up a pane where you can add the following information. Your contact at Flip will provide this information to you. If you already know the domain and the tenant ID of your Flip tenant, you can build the URLs yourself:

Identifier (Entity ID): https://DOMAIN/auth/realms/TENANT

Reply URL (Assertion Consumer Service URL): https://DOMAIN/auth/realms/TENANT/broker/saml-azuread/endpoint

Sign on URL: https://DOMAIN/auth/realms/TENANT/broker/saml-azuread/endpoint

On the same page, please scroll down and have a look at the third and fourth box.

Note down the following information:

• App Federation Metadata URL (1)
• Login URL (2)
• Microsoft Entra Identifier (2)
• Logout URL (2)

Handover to Flip

After going through each step, this is the list of information that should be noted down:

• App Federation Metadata URL
• Login URL
• Microsoft Entra Identifier
• Logout URL
• User principal name of the Flip test user
• Password of the Flip test user

Please send all information to your contact person at Flip. They will set up Single-Sign-On for you.