Configure SAML for Azure Active Directory (AD) 

Written By Devin O'Neill ()

Updated at July 11th, 2025

Learn how to set up Azure AD SSO with Annex Cloud to authenticate users.

Introduction

Integrating Annex Cloud with Azure AD provides the following functionality: 

  • Use Azure AD to control access to the Annex Cloud client portal. 
  • Enable users to use their Azure AD accounts to sign-in to the Annex Cloud client portal. 
  • Use the Azure portal as a central location to manage your accounts. 

Prerequisites

These setup instructions require the following: 

  • An Azure AD subscription.  
  • An Annex Cloud subscription with SSO enabled.

Setup Overview

  1. Create New Enterprise application
  2. Configure Azure AD SSO
  3. Configure Annex Cloud SSO
  4. Test SSO Configuration

Create a New Enterprise Application 

  1. Sign in to your Azure portal. 
  2. From the left-hand menu, click Azure Active Directory. 
  3. Navigate to Manage > Enterprise applications > All applications. 
  4. Click New application. 
  5. Click Create your own application. 
  6. Enter a name for the application.
  7. Select the Non-gallery option
  8. Click the Create button. 

Configure Azure AD SSO

In the Azure Portal:

  1. On the Overview tab, select Set up single sign-on.
  2. Under Select a single sign-on method, select  SAML.

     
  3. On the Set up Single Sign-On with SAML  page, click the pencil icon for Basic SAML Configuration to edit the settings. 

 

Basic SAML Configuration

These values are examples. Use the values from your Identifier, Reply URL and Sign-on URL fields generated in the Annex Cloud portal. 

 
  • Identifier: Type in the URL using the following format, OR  paste the Entity ID from  the Annex Cloud’s SAML SSO Settings page.  
    Entity ID: https://apps.socialannex.com/sso/acs/{SITEID}  
     
  • Reply URL: Type a URL using the following format, OR  paste the Assertion link from Annex Cloud’s SAML SSO Settings page.  
    Assertion Consumer Service (ACS) field: https://apps.socialannex.com/sso/acs/

Add Custom Attribute Mappings 

The Annex Cloud platform expects the SAML assertions in a specific format. You must add custom Attribute Mappings to your SAML token attributes configuration.

This shows the list of default User Attributes & Claims in Azure AD:

Annex Cloud also expects attributes to be passed back in the SAML response. Some of the attributes are prepopulated, but you should review them according to your requirements. The Site ID attribute must be created.  

 Name  Source Attribute 
Emailaddress   user.mail 
Surname   user.surname 
SiteID  You need to add a new claim as described below.
Name   user.displayname 

While adding or updating an attribute, make sure the Name attribute is entered in the Name box and not in the Namespace URL box.

 

Steps to create a new attribute - SiteID

  1. Click the pencil icon of User Attributes & Claim section.

     
  1. Click the Add new claim tab.

     
  2. Enter the siteID in the Name field.

    In the Name field, you must enter the word siteID exactly as shown. Do not replace it with your actual site ID number, this value should remain as siteID.

     
  3. Select the Transformation option in the Source field.
  4. On the Manage transformation screen, complete the Transformation, Parameter, and Attribute name fields as mentioned below.
  5. Regex Pattern: Add the matching pattern in the Regex pattern section. If your users' email addresses follow the format username@yourdomain.com, set the pattern using your domain.

    Examples:
    Single Domain: If the user’s email is jwood@annexcloud.com, the pattern would be: (?'domain'^.*?)(?i)(\@annexcloud\.com)$

    Multiple Domains: To support users with email domains such as annexcloud.com, annexcloud.co.in, or annex.com.au, use the following pattern:
    (?P<domain>^.*?)(?i)(@annexcloud\.(com|co\.in)|@annex\.com\.au)$

    Replace annexcloud.com with your actual domain (e.g., yourcompany.com). Do not copy the pattern exactly unless your domain is annexcloud.com.

     
  6. In the Replacement pattern section, enter the SiteID value provided by Annex Cloud. 
    Example: 9991331
     
  7. To test this transformation, click Test transformation. 
    1. In the Test regex input field, enter the user's email address.
    2. Click Run Test to execute the transformation.
    3. The resulting value should display in the Test Transformation Result field.
      Expected Output: The SiteID provided by Annex Cloud should appear, matching the value entered in Step 7. Example: 99913

      Ensure the correct SiteID appears in the result based on the entered email. This confirms the transformation is working as expected.
       
  8. When you get a correct result, click the Add button in the Manage transformation window.
     
  9. Click the Save in the Manage claim window.

Set up the Application 

To configure Single Sign-On (SSO) in Annex Cloud, follow the steps below:

  • Log in to your Annex Cloud account using a user that has both Customer and SA Admin roles.
  • From the User menu, navigate to the left panel and click Configure SSO to access the Single Sign-On settings.
  • In the Set-Up Application section, enter the following details based on your environment:

  1. Entity ID:
    1. Enter the Entity ID provided by Annex Cloud.
    2. Each SiteID has a different Entity ID.
    3. Refer to this section for the correct value: Basic SAML Configuration – Entity ID
       
  2. Assertion Link:
    1.  Enter the Assertion Link provided by Annex Cloud.
    2.  This may vary depending on your environment.
    3.  Reference: Basic SAML Configuration – Assertion Link
       
  3. Public Certificate:
    1. In your Enterprise Application, go to the Set up single sign-on with SAML page.
    2. Under SAML Signing Certificate, download the Federation Metadata XML or Certificate (Base64).
    3. Open the downloaded file, copy the full code, and paste it into the Public Certificate field in Annex Cloud.


       
  4. Login URL: Copy the Login URL from your Enterprise application and paste it into the Login URL field in Annex Cloud.

Once all fields have been completed and saved, your SSO configuration in Annex Cloud is now set up. You can now proceed to test the configuration to ensure everything is working correctly.

 

Test the SSO Configuration 

Before testing, make sure you have a test user in Azure AD as well as a user with the same email address in Annex Cloud with SSO user type. 

  1. Log into your Annex Cloud account with the provided credentials. 
  2. In the left panel of Users menu, click Manage Users. 

     
  3. Click User Upload > Add Single User. 

     
  4. Complete the fields on the Profile Settings page. Make sure to select the Customer-SSO option as the User Type.

     
  5. On the Annex Cloud login page, click the SSO login icon.

     
  6. Open the SSO login page and enter your email ID. The system verifies SSO access and configuration in the background. Once verified, you will be redirected to the check site page.

     
  7. The Select Site field displays the default site. Use the drop-down list to select a different site if necessary.

     
  8. Click the Proceed button. The system redirects you to the Annex Cloud dashboard page.

Related Articles

List of Standard Actions

The following is a list of standard action IDs available in our loyalty system. A...

Configuring SSO in Annex Cloud

SSO / SAML Authentication  The purpose of this document is to explain how to set ...