Configuring Microsoft Entra ID SAML 2 0 for SSO

Copy

• Copy for LLM

  Copy page as Markdown for LLMs
• View as Markdown

  Open this page as Markdown
• Open in ChatGPT

  Get insights from ChatGPT
• Open in Claude

  Get insights from Claude
• Connect to Cursor

  Install MCP server on Cursor
• Connect to VS Code

  Install MCP server on VS Code

You’ll need to configure settings in Microsoft Entra ID (formerly Azure AD) to finalize the setup for Identity Federation.

1. Open Microsoft Entra ID.
2. Navigate to Enterprise applications - All Applications.
3. Select New application.

4. Select Add from the gallery> Microsoft Entra ID SAML Toolkit.

5. Type the name you want for the application.

6. Navigate to Visit Enterprise Applications.
7. Select <your_app>.

8. Select Manage > Single sign-on.
9. Select SAML.
10. On theSet up single sign-on with SAML page, edit the Basic SAML Configuration.

11. Change the following fields in the Basic SAML Configuration.

• Identifier (Entity ID): Examples:

  • urn:treasuredata:sso:aws:<your_account_name>
  • urn:treasuredata:sso:aws-tokyo:<your_account_name>
  • urn:treasuredata:sso:eu01:<your_account_name>

• Reply URL: https://sso.treasuredata.com/login/callback

• Sign-on URL:

  • US: https://console.us01.treasuredata.com/users/initiate_sso?account_name=<your_account_name>
  • JP: https://console.treasuredata.co.jp/users/initiate_sso?account_name=<account_name>
  • Europe: https://console.eu01.treasuredata.com/users/initiate_sso?account_name=<account_name>

  12. Locate the Entity ID in the TD Console under**Administration > Sign In Settings > Identity Federation.

  13. Go back to the Azure console. Go to Attributes & Claims** section. Choose the value you want to use for the Unique User Identifier. If user.mail is indicated, you can set up the TD user with their email. If the value is [user.name](<http://user.name>), set the field with the user name.

  14. Select Save.

  15. Navigate to Enterprise applications - All Applications.

  16. Select the desired application.

  17. SelectUsers and groups > Add user.
      

  18. Add users and assign roles.

  19. After users are assigned, navigate to Single sign-on.
      

  20. Gather the following items from the Single sign-on page to complete your configuration from within the TD Console. Ensure you are checking the configuration for the correct Entity ID.

FAQs

Why can't I authenticate from Auth0?

If you receive the following error, "Could not authenticate you from Auth0 because "Recipient is invalid. configured: https://sso.treasuredata.com/login/callback".

Review the URL of your identity server. It is possible that it is set to the incorrect URL.