Summary
This article explains how to set up Microsoft Entra Single Sign-On (SSO) for UGA applications using SAML 2.0. It covers integration options for Enterprise Applications and App Registrations, and provides guidance on enforcing ArchPass-powered Multi-Factor Authentication through Conditional Access policies.
Body
Microsoft Entra Single Sign-On (SSO) provides secure, centralized authentication for applications using SAML 2.0. This allows UGA users to access multiple applications with one set of credentials and ArchPass-powered Multi-Factor Authentication (MFA).
SSO Integration Options
There are two ways to enable SSO in Microsoft Entra: Enterprise Applications and App Registrations.
Enterprise Applications represent existing apps (often SaaS or third-party) that you want to integrate with Microsoft Entra for authentication.
- When to use:
  - You are configuring SSO for a vendor-provided or gallery app (e.g., Salesforce, ServiceNow).
- Supported protocol:
  - SAML 2.0 – XML-based standard for exchanging authentication and authorization data.
- Key actions:
  - Select the app from the gallery or create a non-gallery app.
  - Configure SAML settings (Entity ID, ACS URL, and certificate).
  - Assign users and groups for access.
For more information, visit Microsoft's documentation on Enabling SAML single sign-on for an enterprise application.
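Before entering the SAML settings listed above, it helps to pull the Entity ID, ACS URL, and certificate out of the application's SAML metadata and sanity-check them. The following Python sketch is an added example, not part of UGA's or Microsoft's documentation; the metadata, hostnames, and certificate bytes are constructed placeholders, and the function name is hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata: hostnames and certificate bytes are placeholders.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://app.example.edu/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Binding="{POST_BINDING}"
        Location="https://app.example.edu/saml/acs"/>
    <md:AssertionConsumerService index="1" Binding="{POST_BINDING}"
        Location="http://app.example.edu/saml/acs-legacy"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def extract_sp_settings(metadata_xml):
    """Return entity ID, usable ACS URLs, cert fingerprints and findings."""
    root = ET.fromstring(metadata_xml)  # only parse metadata from a source you trust
    findings = []
    entity_id = root.get("entityID", "")
    if not entity_id:
        findings.append("missing entityID")
    acs_urls = []
    for acs in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS):
        url = acs.get("Location", "")
        if acs.get("Binding") != POST_BINDING:
            findings.append(f"ACS {url} does not use the HTTP-POST binding")
        elif urlsplit(url).scheme != "https":
            findings.append(f"ACS {url} is not HTTPS")
        else:
            acs_urls.append(url)
    prints = []
    for cert in root.findall(".//ds:X509Certificate", NS):
        der = base64.b64decode("".join(cert.text.split()))
        prints.append(hashlib.sha256(der).hexdigest().upper())
    if not prints:
        findings.append("no X509Certificate found")
    return {"entity_id": entity_id, "acs_urls": acs_urls,
            "cert_sha256": prints, "findings": findings}
```

Compare the returned SHA-256 fingerprint with the one the vendor publishes out of band, and resolve every entry in `findings` before assigning users and groups.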
App Registrations represent new or custom applications that you want to integrate with Microsoft Entra for authentication.
- When to use:
  - You are building or onboarding a custom app that requires SAML-based authentication.
- Supported protocol:
  - SAML 2.0 – Ideal for web-based apps requiring federation.
- Key actions:
  - Register the app in Microsoft Entra.
  - Configure SAML settings (redirect URIs, token claims).
  - Assign users and groups for access.
Microsoft Documentation for Custom applications: Configure OIDC SSO for gallery and custom applications