SAML SSO with Microsoft Entra

Enable users to log in to IRIS Clarity with their Microsoft credentials via SSO.

Configure SSO in the IRIS Dashboard

  1. Head to the IRIS Clarity dashboard and navigate to the SSO settings page: Team > Manage team > Configure SSO. This will open a step-by-step guide to setting up SSO.
  2. Enter a domain name. This must be unique to you (we will verify that it is available). Requirements:
    Alphanumeric (numbers and/or letters)
    Lower case
    No special characters (!@£$%^&*()_-+=)
    No spaces
    4-40 characters in length 

    Examples
    ✅ shapedbyiris  
    ✅ shapedbyiris2 
    ❌ shapedbyIRIS 
    ❌ shaped.by-iris

Add IRIS Clarity app to Azure

  1. To add IRIS Clarity as an application, open the Enterprise applications page in the Azure portal
  2. Click + New application
  3. Click + Create your own application
  4. Give it a name, e.g. IRIS Clarity
  5. Ensure the following checkbox is ticked: Integrate any other application you don't find in the gallery (Non-gallery)
  6. Click Create.

Configure Single sign-on in Azure

  1. Select Single sign-on in the left side panel
  2. Select SAML from the options
  3. Under Basic SAML Configuration, click Edit to make changes
  4. Under Identifier (Entity ID), click Add identifier and paste the Identifier (Entity ID) link that was generated in the IRIS Clarity dashboard.
  5. Under Reply URL (Assertion Consumer Service URL), click Add reply URL and paste the Reply URL (Assertion Consumer Service URL) link that was generated in the IRIS Clarity dashboard.
  6. Click Save at the top of the screen. Ensure all details are correct. You will be unable to edit this after you hit save.
  7. In the SAML Certificates section of Azure ID, copy the App Federation Metadata Url
    Example: https://login.microsoftonline.com/3e6bb012353ce-37d3-4967-a135-167cd812312358c72c/federationmetadata/2007-06/federationmetadata.xml?appid=97b8550f-1e13-4f21-891123235179-e12bc1b31393ba 
  8. In the IRIS Clarity Dashboard, paste this URL in the App Federation Metadata Url section
  9. Click Save.
    No further configuration is needed in the IRIS Clarity dashboard.
  10. You can return to the SSO configuration section in the Azure AD tab later to test the SSO flow.
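
The metadata URL pasted in step 8 is what tells IRIS Clarity which identity provider and signing certificate to trust, so it is worth checking before you save. The following is an added example, not IRIS or Microsoft code: it checks the URL shape against the example in step 7 and summarises a SAML metadata document. The function names, the expected host and the sample values are assumptions, and the sample metadata is constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample values: placeholder tenant/app ids and fake certificate bytes.
SAMPLE_URL = ("https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/"
              "federationmetadata/2007-06/federationmetadata.xml?appid=APP-ID-PLACEHOLDER")
SAMPLE_CERT_B64 = base64.b64encode(b"constructed bytes, not a real DER certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_metadata_url(url):
    """Return a list of problems with a pasted App Federation Metadata Url."""
    parts, problems = urlsplit(url), []
    if parts.scheme != "https":
        problems.append("not https")
    if parts.hostname != "login.microsoftonline.com":  # assumption: host from the page's example
        problems.append("unexpected host")
    if not parts.path.lower().endswith("/federationmetadata/2007-06/federationmetadata.xml"):
        problems.append("unexpected path")
    if not parse_qs(parts.query).get("appid"):
        problems.append("missing appid")
    return problems

def summarize_metadata(xml_text):
    """Extract what a service provider will trust from SAML IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not IdP metadata")
    thumbprints = []
    for cert in idp.findall("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS):
        der = base64.b64decode("".join(cert.text.split()))
        thumbprints.append(hashlib.sha1(der).hexdigest().upper())  # SHA-1 thumbprint form
    endpoints = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)]
    return {"entity_id": root.get("entityID"), "sso_endpoints": endpoints,
            "signing_thumbprints": thumbprints}
```

Run `summarize_metadata` on the XML downloaded from your own metadata URL and compare the signing thumbprint with the certificate listed in the SAML Certificates section.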

Grant permissions to the Enterprise Application

  1. Go to App registrations (or search for App Registrations in the main search bar)
  2. Select All Applications and click the IRIS Clarity application you have just created
  3. In the left side panel select API Permissions > Add a permission > Microsoft Graph > Delegated Permissions, then search for and check the following permissions:
    User.Read
    User.Read.All
  4. Click Add permissions

Add users

  1. Add users / groups to your Enterprise Application from the Azure portal.
  2. Invite users with their AD emails to IRIS from the IRIS account dashboard. To ensure that new users can log in with SSO without initially logging in with an email and password, check "Users will only be able to login with SSO" before inviting users.

Test Single Sign-On


You can now test that single sign-on has been configured correctly from the Single sign-on page for your enterprise application by clicking the "Test this application" tab and following the authentication flow.