search
PricingContact supportOpen app

Azure (Microsoft Entra)

hashtag
Overview

This guide walks you through configuring SAML-based Single Sign-On (SSO) between Azure Active Directory (Microsoft Entra) and Mailtrap.

hashtag
Configure Single Sign-On with Azure

hashtag
Create an Enterprise application

1

Open your Azure Active Directory and select Enterprise applications

2

Add a new application by clicking the + New application button

3

Choose + Create your own application, enter the name of the application (e.g., "Mailtrap"), and select Integrate any other application you don't find in the gallery (Non-gallery)

hashtag
Set up Single Sign-On

After the application has been created, you can set up single sign-on:

1

Choose Set up single sign-on in the Getting Started section

2

For Single Sign-on mode, select SAML based Sign-on

Follow the steps on the SSO with SAML screen. Azure AD has a detailed configuration guidearrow-up-right at the top of the page for further guidance.

hashtag
Basic SAML configuration

Click edit in the dropdown menu and provide the following SAML Provider details to your Azure from Mailtrap:

  • Entity ID → Identifier (Entity ID)

  • Assertion Consumer Service URL → Reply URL (Assertion Consumer Service URL)

  • Single Logout Service URL → Logout URL

hashtag
User attributes and claims

In the User Identifier field, enter user.mail.

hashtag
SAML signing certificate

1

Click Edit and choose SHA-1 Signing Algorithm

2

Click Save

3

Download Certificate (Base64)

4

Open it in any text editor and copy its content

5

Paste the certificate content into the Mailtrap X509 Certificate field

hashtag
Identity provider details

Provide the following to Mailtrap from Azure:

  • IdP Entity ID (Identity Provider Issuer) → Azure AD Identifier

  • Single Sign-on URL → Login URL

  • Optional: Single Logout Service (SLO) URL → Logout URL

Now you can save your SAML configuration on Mailtrap.

hashtag
Assign Users and Groups

With SAML configuration complete, you need to add users or groups to your application in Azure:

1

Click Users and groups on the left sidebar

2

Click on + Add User → Users and Groups

3

Select all users you want to add to the application and click Select

hashtag
Permissions

By default, we create users with no permissions. If you want the user to be automatically assigned to Account Admin or Account Viewer role, you need to set up the role mapping.

hashtag
Configure role mapping in Mailtrap

In the following example, we assign the roles depending on the title attribute value:

hashtag
Configure attributes in Azure

1

Navigate to Attributes & Claims

2

Click Add new claim

3

Add the title claim with the appropriate source attribute (e.g., user.jobtitle)

4

Click Save

Your Azure SSO configuration with role mapping is now complete.

PreviousSSO GuideNextOkta

Last updated

Was this helpful?