Skip to content
English
Contact
  • There are no suggestions because the search field is empty.

Single-Sign-On (SSO) Setup Via Azure AD / ENTRA ID

Instructions for Customers Using Azure AD

Step 1: Create an Enterprise Application

Log in to the Azure portal.

Navigate to Azure Active Directory / Microsoft Entra ID and add a new Enterprise Application.

Choose "Create your own application", name it "Stackgini", and select "Integrate any other application you don’t find in the gallery (Non-gallery)".

Step 2: Configure Single Sign-On

Open the created application, and go to the Single sign-on menu.

Choose SAML as the sign-on method.

Step 3: Fill in SAML Settings

You can use the predefined links for the SAML configuration. To do this, you must replace <TENANT> with the name of your Stackgini tenant (you can find this in the URL if you use Stackgini—typically, the tenant name is your company name).

Identifier (Entity ID): https://softwaregini.com/auth/realms/softwaregini/broker/<TENANT>/endpoint

Reply URL (Assertion Consumer Service URL): https://softwaregini.com/auth/realms/softwaregini/broker/<TENANT>/endpoint

Logout Url (optional): https://app.softwaregini.com/<TENANT>/logout

Step 4: Attributes and Claims

Required:

Ensure the Unique User Identifier is correct. If the user's email is not the unique identifier, please let us know which field contains the email address so we can map it.

Optional: Group & Role Mapping

If you want to map Azure AD groups to Stackgini roles (e.g., Admin, Manager), follow these steps.

Note: Enabling this will disable manual role management within the Stackgini platform.

  • Click "+ Add a group claim."
  • Select "Groups assigned to the application".
  • Under Source attribute, select "Cloud-only group display names" (This is required to send readable names instead of IDs).

Important:

  • Do NOT check "Customize the name of the group claim." (Leave it as default).
  • Verify the resulting Value in the table reads: user.groups [ApplicationGroup].
  • Click Save.
  • Ensure your relevant security groups (e.g., "Stackgini_Admins") are assigned to the application under Users and groups.

Step 5: Provide Configuration Details to Stackgini

To finalize the setup, please email the following to david.mente@stackgini.de:

  • Federation Metadata URL (or the downloaded Metadata XML file).
  • (If Group Mapping is used):
  • The Claim Name from your list (Default is usually: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups).
  • The exact Azure Group Name that should map to "Admin".
  • The exact Azure Group Name that should map to "Manager" (optional).

Step 6: Allow access for relevant user groups

Please align internally on which users and user groups need to get access to Stackgini via SSO.

Contact details

If you have any questions, please contact your Stackgini customer service representative.