Skip to main content
All CollectionsPlatformSingle Sign-On (SSO)
SSO - Microsoft Entra (Azure AD) Configuration Example
SSO - Microsoft Entra (Azure AD) Configuration Example

This example shows you how to configure Microsoft Entra for Frontify.

Updated over 3 months ago

SSO (Single Sign-On) offers a quick and convenient login method for all employees. With SSO, you can automatically grant viewing access to all, or selected, employees within your company. SSO is available as an add-on for Enterprise accounts. For more details, please refer to our introduction and FAQ.


To begin the SSO setup process, contact your Customer Success Manager.

If you're using MS Entra, you can refer to the example below during the setup.


Frontify is part of the Microsoft Entra App Gallery:

Browse to Identity > Applications > Enterprise applications > Frontify > Single sign-on.

On the Select a single sign-on method page, select SAML.

On the Set up single sign-on with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.

Within the Basic SAML Configuration please add those URLs and replace DOMAIN with your current Frontify URL.

  • Identifier (SP Entity ID): https://DOMAIN/api/auth/saml/metadata/

  • Reply URL (ACS URL): https://DOMAIN/api/auth/saml/acs/

  • Sign on URL: https://DOMAIN/

  • Relay State: https://DOMAIN/

  • Logout URL: https://DOMAIN/api/auth/saml/sls/

* Please be aware that configuring the Relay State and Logout URL as mandatory, rather than optional as offered by Entra, is essential.

From the SAML Signing Certificate section, download the Federation metadata XML file or copy the App Federation Metadata Url and pass it on to your Frontify contact.


Group Mapping with Entra

Please see the general overview on setting up group mapping here.

After adding the groups attribute to your Attributes & Claims, you can choose which Entra groups should be sent to Frontify with users. This is helpful if you have many Entra groups and only want some groups to be mapped to Frontify.

Important to note: assigning groups to the application is separate from user provisioning. You might provision only certain groups to have access to Frontify but what we are referring to in Attributes & Claims are what groups are being sent to Frontify for group mapping.

You can follow the screenshots below to Add group claims:

Of course, don't forget to then add that user group name in the "SSO group mapping" field in Frontify in order to add users to the associated Frontify group:

Detailed information about SSO group mapping can be found in this article.

Did this answer your question?