Create the samdesk SAML App in Azure
The first step is creating a new SAML application in Azure
Navigate to “Microsoft Entra ID” within your Azure account
Click “Enterprise applications” in the left navigation
Click “New application” in the top-left corner
Click “Create your own application” in the top-left corner
Name the app “samdesk”, choose “Integrate any other application you don't find in the gallery (Non-gallery)”, and click “Create”
In the new application, click “Single sign-on” in the left navigation
Select “SAML” as the single sign-on method
Click “Edit” next to “Basic SAML Configuration”
Set “Identifier (Entity ID)” to “https://samdesk.io/sp”
Set “Reply URL (Assertion Consumer Service URL)” to “https://sso.samdesk.io/signin/sso/saml”
Click “Save”
Under the “SAML Certificates” section, download the “Certificate (Base64)”
Under the “Set up samdesk” section, copy the values for “Login URL” and “Microsoft Entra Identifier” (we will need these in the next section)
Configure samdesk
Next we can configure the SAML integration on the samdesk side
In the samdesk application, navigate to Settings > Account Settings > Security
Scroll down to the “SAML Authentication” section and enable it
Set “Identity Provider Single Sign-On URL” to the “Login URL” value copied from above
Set “Identity Provider Issuer” to the “Microsoft Entra Identifier” value copied from above
Set “Certificate” to the contents of the “Certificate (Base64)” file that was downloaded
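A pre-flight check for the three values entered above, as an added example (not samdesk or Microsoft code): it flags stray whitespace, non-https URLs, a tenant ID mismatch between the “Login URL” and the “Microsoft Entra Identifier”, and a certificate file that is not a single Base64 (PEM) certificate. It assumes both Azure values embed the tenant ID as a GUID; the function names and sample values are constructed for illustration.

```python
import base64, hashlib, re
from urllib.parse import urlparse

# Constructed sample values (not real tenant data). The certificate body is a
# 5-byte DER placeholder, not a real X.509 certificate.
SAMPLE_LOGIN_URL = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/saml2"
SAMPLE_ISSUER = "https://sts.windows.net/11111111-2222-3333-4444-555555555555/"
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"

# Assumption: both Azure values embed the tenant ID as a GUID.
GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_thumbprints(pem_text):
    """Return (SHA-1, SHA-256) hex thumbprints of the one certificate in pem_text."""
    blocks = PEM.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM certificate, found {len(blocks)}")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if not der or der[0] != 0x30:  # a certificate is a DER SEQUENCE (tag 0x30)
        raise ValueError("decoded data is not DER")
    return hashlib.sha1(der).hexdigest().upper(), hashlib.sha256(der).hexdigest().upper()

def check_idp_values(login_url, issuer, pem_text):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for name, value in (("Login URL", login_url), ("Issuer", issuer)):
        if value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
        parsed = urlparse(value.strip())
        if parsed.scheme != "https" or not parsed.netloc:
            problems.append(f"{name}: not an https URL")
    login_ids, issuer_ids = GUID.findall(login_url), GUID.findall(issuer)
    if not login_ids or not issuer_ids:
        problems.append("tenant ID missing from Login URL or Issuer")
    elif login_ids[0].lower() != issuer_ids[0].lower():
        problems.append("Login URL and Issuer name different tenants")
    try:
        cert_thumbprints(pem_text)
    except ValueError as exc:  # binascii.Error (bad Base64) is a ValueError
        problems.append(f"Certificate: {exc}")
    return problems

if __name__ == "__main__":
    print(check_idp_values(SAMPLE_LOGIN_URL, SAMPLE_ISSUER, SAMPLE_PEM) or "values look consistent")
    print("SHA-1 thumbprint:", cert_thumbprints(SAMPLE_PEM)[0])
```

The SHA-1 value can be compared with the thumbprint Azure shows for the certificate in the “SAML Certificates” section, which confirms the file pasted into samdesk is the one Azure signs with.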
Granting User Access
By default only users that have been given explicit permission will be allowed to use SAML sign-on
Navigate to the samdesk SAML app in Azure and click “Users and groups” in the left navigation
From here click “Add user/group” in the top-left corner to add users and groups
Testing
Everything should now be properly configured
You can test the Identity Provider Initiated flow by using the “Test single sign-on with samdesk” button at the bottom of the “Single sign-on” configuration page for the samdesk SAML app in Azure
You can test the Service Provider Initiated flow by navigating to https://dash.samdesk.io, clicking “Sign in with SSO”, then providing your email address (which must match the one used in Azure)
Troubleshooting
If you have any issues setting up SAML with Azure, please contact your customer success manager or email support@samdesk.io and we will be happy to help.