Frontify

SSO (Single Sign-On) offers a quick and convenient login method for all employees. With SSO, you can automatically grant viewing access to all, or selected, employees within your company. SSO is available as an add-on for Enterprise accounts. For more details, please refer to our <a href="https://intercom.help/frontify/en/articles/451481-sso-fast-and-convenient-login-for-employees" rel="nofollow noopener noreferrer" target="_blank">introduction</a> and <a href="https://intercom.help/frontify/en/articles/3728546-sso-frequently-asked-questions-faq" rel="nofollow noopener noreferrer" target="_blank">FAQ</a>.

___________________________________________________________

To enable SSO for your brand portal, go to the <a href="https://hub.frontify.com/" rel="nofollow noopener noreferrer" target="_blank">Customer Hub</a> and look for the option to submit an SSO setup request (under the Ecosystem section).

Once your request is submitted, our Support team will contact you by email to complete the setup.

If you need help with your SSO configuration at any point, feel free to reach out to <a href="mailto:support@frontify.com" rel="nofollow noopener noreferrer" target="_blank">support@frontify.com</a>.

Frontify is part of the Microsoft Entra App Gallery:

&gt;&gt; <a href="https://azuremarketplace.microsoft.com/marketplace/apps/aad.frontify?tab=Overview" rel="nofollow noopener noreferrer" target="_blank">Gallery</a> / <a href="https://learn.microsoft.com/en-us/entra/identity/saas-apps/frontify-tutorial" rel="nofollow noopener noreferrer" target="_blank">Tutorial</a>

Browse to Identity &gt; Applications &gt; Enterprise applications &gt; Frontify &gt; Single sign-on.

On the Select a single sign-on method page, select SAML.

On the Set up single sign-on with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.

Within the Basic SAML Configuration please add those URLs and replace DOMAIN with your current Frontify URL.

Identifier (SP Entity ID): <a href="https://DOMAIN/api/auth/saml/metadata/" rel="nofollow noopener noreferrer" target="_blank">https://DOMAIN/api/auth/saml/metadata/</a>

Reply URL (ACS URL): <a href="https://DOMAIN/api/auth/saml/acs/" rel="nofollow noopener noreferrer" target="_blank">https://DOMAIN/api/auth/saml/acs/</a>

Sign on URL: <a href="https://DOMAIN/api/auth/saml/" rel="nofollow noopener noreferrer" target="_blank">https://DOMAIN/api/auth/saml/</a>

Relay State: <a href="https://DOMAIN/" rel="nofollow noopener noreferrer" target="_blank">https://DOMAIN/</a>

Logout URL: <a href="https://DOMAIN/api/auth/saml/sls/" rel="nofollow noopener noreferrer" target="_blank">https://DOMAIN/api/auth/saml/sls/</a>

- Identifier (SP Entity ID): <a href="https://DOMAIN/api/auth/saml/metadata/" rel="nofollow noopener noreferrer" target="_blank">https://DOMAIN/api/auth/saml/metadata/</a>
- Reply URL (ACS URL): <a href="https://DOMAIN/api/auth/saml/acs/" rel="nofollow noopener noreferrer" target="_blank">https://DOMAIN/api/auth/saml/acs/</a>
- Sign on URL: <a href="https://DOMAIN/api/auth/saml/" rel="nofollow noopener noreferrer" target="_blank">https://DOMAIN/api/auth/saml/</a>
- Relay State: <a href="https://DOMAIN/" rel="nofollow noopener noreferrer" target="_blank">https://DOMAIN/</a>
- Logout URL: <a href="https://DOMAIN/api/auth/saml/sls/" rel="nofollow noopener noreferrer" target="_blank">https://DOMAIN/api/auth/saml/sls/</a>

* Please be aware that configuring the Relay State and Logout URL as mandatory, rather than optional as offered by Entra, is essential.

After clicking on each claim, you can edit them to be mapped to the Frontify required attributes (User.email, User.FirstName, User.LastName) like this:

From the SAML Signing Certificate section, download the Federation metadata XML file or copy the App Federation Metadata Url and pass it on to your Frontify contact.

Please see the general overview on setting up group mapping <a href="https://help.frontify.com/en/articles/2425856-sso-user-groups-mapping">here</a>.

After adding the groups attribute to your Attributes &amp; Claims, you can choose which Entra groups should be sent to Frontify with users. This is helpful if you have many Entra groups and only want some groups to be mapped to Frontify.

Important to note: assigning groups to the application is separate from user provisioning. You might provision only certain groups to have access to Frontify but what we are referring to in Attributes &amp; Claims are what groups are being sent to Frontify for group mapping.

You can follow the screenshots below to Add group claims:

Recommended: If possible, configure the group claim to send a human-readable group name (not the group object ID / GUID) to Frontify. This will make it easier for Frontify Admins to map Entra groups to Frontify groups.

For Active Directory–synced groups, this is typically <code>sAMAccountName</code>.

For cloud-only groups, configure the claim to send the <code>Cloud-only group display names</code>.

- For Active Directory–synced groups, this is typically <code>sAMAccountName</code>.
- For cloud-only groups, configure the claim to send the <code>Cloud-only group display names</code>.

Ensure that the value sent in the SAML token exactly matches the group name configured in Frontify. This must be a match whether the text-base group name is sent or the numerical ID.

To do this, a Frontify Admin must add that user group name in the "SSO group mapping" field in Frontify in order to map users to the associated Frontify group:

Detailed information about SSO group mapping can be found in <a href="https://help.frontify.com/en/articles/2425856-sso-user-groups-mapping">this article</a>.

This example shows you how to configure Microsoft Entra for Frontify.

SSO - Microsoft Entra (Azure AD) Configuration Example

Frontify Support

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Empty Help Center

Uh oh. That page doesn’t exist.

Home

Search results

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

SSO - Microsoft Entra (Azure AD) Configuration Example

Getting started

MS Entra - Configuration example

Group Mapping with Entra