Single Sign-On (SSO) allows your team to streamline login processes and enhance security by integrating Apostle Social with your Azure environment using SAML. This guide will walk you through the setup step-by-step.
Prerequisites
Before getting started, ensure you have the following:
Access to your Azure portal.
Admin privileges in Apostle Social to configure the SSO settings.
Note: Single Sign-On (SSO) is only available in our Performance-Driven plan. If you’re interested in upgrading or need assistance, one of our experts can help you set it up. Please contact our team for more information.
Step 1: Create a New Application in Azure
Navigate to the Azure Portal.
In Azure Services, click Microsoft Entra ID.
In the left-hand menu, select Enterprise applications.
At the top of the table, click + New application.
Select + Create your own application.
Enter a name for your application.
Ensure the third option (Integrate any other application you don’t find in the gallery) is selected (default setting).
Click Create.
Tip: It may take a few seconds for the application to be created. Once done, you’ll be redirected to the app’s details page.
Step 2: Configure Single Sign-On in Azure
In the app’s details menu, click Single sign-on.
In the "Select a single sign-on method" screen, choose SAML.
Basic SAML Configuration
Enter the details provided in Apostle Social under Team Settings > Integrations:
Entity ID: Enter the Microsoft Entra Identifier.
SSO URL: Enter the Login URL from Azure.
Step 3: Update Attributes & Claims
To ensure correct user mapping, update the following claims:
In Attributes & Claims, modify the required claim:
Unique User Identifier (Name ID): Set the source attribute to the user's email address. This will serve as the unique username and email recipient for Apostle Social.
Add additional claims to avoid users being registered as "SSO User":
Claim Name:
first_name
Source Attribute:user.givennameClaim Name:
last_name
Source Attribute:user.surname
Step 4: Download the SAML Certificate
In the SAML Certificates section, download the Base64 Certificate.
This will be used to secure the connection between Azure and Apostle Social.
Step 5: Configure SSO in Apostle Social
Log in to Apostle Social.
Navigate to Team Settings > Integrations.
Enter the following details:
Entity ID: Microsoft Entra Identifier.
SSO URL: Login URL from Azure.
Upload the Base64 Certificate downloaded earlier.
Save your changes.
Step 6: Test the Integration
Return to Azure and add yourself as a user in Users and Groups for the application.
Test the SSO connection:
Log in via Apostle Social.
Verify that the integration works as expected.
Step 7: Release the App to Users
Once the integration is tested successfully, release the application to your team.
In Azure, navigate to the app's Properties:
Self-Service Settings:
Allow Access → Yes
Select Groups → Assign the appropriate groups or users.
Save your changes.
The app will now be available via My Apps.
Optional: You can update the app’s logo or modify its availability in the Properties section of Azure.
Additional Notes
If users encounter issues, ensure the claims and SAML configuration match those specified in Apostle Social.
For more details, refer to the Azure documentation.
If you need any additional help setting up the integration, please contact our support team.
Tip: Always test the setup with a small group before rolling it out to all users.