Microsoft Entra ID

Configure Microsoft Entra ID (formerly Azure AD) as a SAML identity provider for sfp.

Use the URL that matches your deployment mode. Self-hosted: replace <your-domain> with your sfp server domain. Cloud: use auth.flxbl.io. See URL convention.


1. Create the application

  1. Go to Microsoft Entra ID > Enterprise applications > New application.

  2. Choose Create your own application.

  3. Select Integrate any other application you don't find in the gallery (Non-gallery).

  4. Name it (e.g. "sfp SSO") and click Create.


2. Configure SAML

In the new application, go to Single sign-on > SAML and click Edit on Basic SAML Configuration.

| Field | Value |
| --- | --- |
| Identifier (Entity ID) | https://<your-domain>/auth/v1/sso/saml/metadata |
| Reply URL (ACS URL) | https://<your-domain>/auth/v1/sso/saml/acs |
| Sign on URL | leave blank |
| Relay State | leave blank |
| Logout URL | leave blank |

Click Save.


3. Configure attributes and claims

Entra ships only emailaddress by default. displayname, givenname, and surname are NOT in the default claim set — you must add them explicitly below, or sfp users will end up with empty first/last names.

Click Edit on Attributes & Claims and ensure these are set:

| Claim name | Source attribute |
| --- | --- |
| Unique User Identifier (Name ID) | user.mail (Format: Email address) |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.mail |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.givenname |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.surname |
| http://schemas.microsoft.com/identity/claims/displayname | user.displayname |

The Name ID format must be Email address — sfp matches users by email.
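
An added check, not part of sfp or of this guide: given the decoded XML of an assertion captured from a test sign-in, it reports which of the claims above are missing or empty, whether the Name ID format is email address, and whether Audience and Recipient match the Entity ID and Reply URL from step 2. The function name, the sample assertion and sfp.example.com are assumptions, and the check does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
XMLSOAP = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_CLAIMS = [XMLSOAP + n for n in ("emailaddress", "givenname", "surname")]
REQUIRED_CLAIMS.append("http://schemas.microsoft.com/identity/claims/displayname")

def check_assertion(xml_text, domain):
    """List configuration problems in one SAML assertion (no signature check)."""
    base = f"https://{domain}/auth/v1/sso/saml"
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID format is {name_id.get('Format')}, not email address")
    # A claim whose values are all empty counts as missing (e.g. user.mail unset).
    present = set()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        if any(v and v.strip() for v in values):
            present.add(attr.get("Name"))
    problems += [f"claim missing or empty: {c}" for c in REQUIRED_CLAIMS if c not in present]
    # Audience must be the Entity ID and Recipient the Reply URL from step 2.
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if f"{base}/metadata" not in audiences:
        problems.append(f"Audience {audiences} does not include the Entity ID")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != f"{base}/acs":
        problems.append("Recipient does not match the Reply URL (ACS URL)")
    return problems

# Constructed sample (sfp.example.com is a placeholder): only emailaddress is sent.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">ada@example.com</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData
    Recipient="https://sfp.example.com/auth/v1/sso/saml/acs"/></saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://sfp.example.com/auth/v1/sso/saml/metadata</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="{XMLSOAP}emailaddress">
  <saml:AttributeValue>ada@example.com</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print("\n".join(check_assertion(SAMPLE, "sfp.example.com")))
```

Run against the sample, it reports the three name claims as missing, which is the empty first/last name case described above.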


4. Copy the federation metadata URL

In the SAML Certificates section, copy App Federation Metadata URL. It looks like:

This is the only thing you need to hand to sfp.


5. Assign users

  1. In the application, go to Users and groups > Add user/group.

  2. Pick the users (or groups) who should have sfp access.

  3. Click Assign.

Users not assigned here will be rejected at the IdP before they ever reach sfp.


Next step

Continue with Self-Hosted Setup or Cloud Setup to register the IdP with sfp.
