SAML SSO Microsoft Entra
π SAML SSO Microsoft Entra
"Enable secure single sign-on with Microsoft Entra and Brainframe GRC."
Follow these steps to configure SAML authentication between your Entra tenant and Brainframe GRC.
1οΈβ£ Create the Application
- Go to the Entra admin center β https://entra.microsoft.com/#home and click New application.
- Select Create your own application.
- Enter a name for your application, choose Non-gallery application, and click Create.
2οΈβ£ Configure the Entra Application
- Go to Single sign-on and select SAML.
- Click Edit in the Basic SAML configuration block.
- Retrieve the required values from Brainframe Workspace Settings β Authentication and enter them into Entra. Leave other fields empty. Click Save.
- Edit the Attributes & claims block.
- Delete all non-required claims under Additional claims by clicking the 3 dots β Delete.
- Add new claims manually via Add new claim.
- Create the following case-sensitive claims:
firstnamelastnameWorkspaceId
WorkspaceId (not Workspaceid). β Example final configuration:
3οΈβ£ Brainframe Configuration
Once Entra is ready, configure the Brainframe GRC side in Workspace Settings β Authentication.
- Copy the Login URL from Entra (SSO page) β paste into IdP Single Sign-On (SSO) Login URL in Brainframe.
- Download the SAML Certificate (Base64) β Copy the text (remove the BEGIN/END CERTIFICATE lines) β Paste into IdP application certificate in Brainframe.
4οΈβ£ Test the Integration
- Add users to the Entra application.
- Test the application login flow.
- Assigned users will now see the app available in their Entra portal.
5οΈβ£ Common Errors & Fixes
Updated on: 05/09/2025
Thank you!