Using Entra SAML 2.0 to authenticate access to Certero | v8.1


Enabling users to sign in to Certero with Microsoft Entra ID (formerly Azure AD) over SAML 2.0 has two parts: creating an app registration in the Entra admin center and configuring an Authentication Provider in Certero.

Each part needs values produced by the other, so complete the steps in the order given and do not skip any.

Creating the Certero Authentication Provider

In the Certero Unified Platform, navigate to Administration > Authentication Providers and click '+ New'. In the 'Type' drop-down select 'SAML 2.0' and enter a name for the provider (e.g. 'Entra SAML 2.0'). The 'Metadata Url' field is mandatory but its real value is not known yet, so enter a temporary placeholder (e.g. 'Anything') and click 'Save'. This placeholder is replaced with the tenant's federation metadata URL in a later step.

Now right-click the newly created authentication provider and select 'Actions > View Endpoints'.

Click the copy button next to the endpoint URL to copy it. This endpoint becomes the Redirect URI (reply URL) of the Entra app registration, i.e. the address Entra sends SAML responses back to, so it must be copied exactly.

Creating the Azure App Registration

Sign in to the Microsoft Entra admin center (formerly the Azure AD admin center), select 'Azure Active Directory' (now 'Microsoft Entra ID') and then 'App registrations' from the menu.

Then click the '+ New registration' button at the top of the page.

Enter a name (e.g. 'Certero') and select 'Accounts in this organizational directory only (Certero only - Single tenant)'; the tenant name shown in brackets will be your own. Single tenant restricts sign-in to accounts in your directory, which is what you want for an internal application. Under 'Redirect URI (optional)' use the drop-down to select 'Web', paste the URL copied from 'View Endpoints' above, and click 'Register' at the bottom of the page.

Select 'Add an Application ID URI' from the next screen.

Click 'Set' and then 'Save'.

Now click the copy icon next to the Application ID URI and paste it into the 'Application ID' field of the Authentication Provider created earlier. Copy it exactly as displayed, including any trailing slash: Entra uses this value as the audience of the SAML assertion, and a mismatch causes logins to be rejected.

Return to the Entra admin center, click your tenant name at the top of the screen, then 'Endpoints', and click the copy icon for 'Federation metadata document'. Use this tenant-specific URL (it contains your tenant ID or verified domain) rather than a 'common' endpoint, so that Certero only trusts the signing certificates of your own tenant.

Paste this into the 'Metadata URL' field of the Authentication Provider created earlier, replacing the temporary value, and click 'Save'.
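Before pasting the metadata URL, it is worth checking that it really is your tenant's document and that it carries a signing certificate. The following Python script is an added example, not Certero or Microsoft code. It checks the shape of the URL and parses a federation metadata document to pull out the entity ID, tenant ID, signing certificate fingerprints and single sign-on endpoints. The XML below is a constructed, minimal stand-in for the real document (the tenant ID and certificate bytes are fake); the URL shape https://login.microsoftonline.com/<tenant>/federationmetadata/2007-06/federationmetadata.xml and the entity ID shape https://sts.windows.net/<tenant-id>/ are the ones Entra uses.

```python
"""Sanity-check an Entra ID federation metadata URL and document before
pasting the URL into the Certero SAML 2.0 authentication provider.

Added example, not Certero or Microsoft code. SAMPLE_METADATA is a
constructed stand-in for the real document; the tenant ID and the
certificate body are fake.
"""
import base64
import hashlib
import re
from urllib.parse import urlparse
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: fake tenant ID and fake (non-X.509) certificate bytes.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-fake-certificate-bytes").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/{SAMPLE_TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def check_metadata_url(url: str, expected_tenant: str) -> list[str]:
    """Return problems with the URL that would be pasted into 'Metadata URL'.

    expected_tenant is the tenant ID (GUID) or a verified domain of the tenant.
    An empty list means the URL looks right.
    """
    problems = []
    p = urlparse(url)
    if p.scheme != "https":
        problems.append("metadata must be fetched over https")
    if p.hostname != "login.microsoftonline.com":
        problems.append(f"unexpected host {p.hostname!r}")
    segments = [s for s in p.path.split("/") if s]
    tenant = segments[0].lower() if segments else ""
    if tenant in ("common", "organizations", "consumers"):
        problems.append("multi-tenant endpoint: use the tenant-specific URL")
    elif tenant != expected_tenant.lower():
        problems.append(f"tenant segment {tenant!r} is not the expected tenant")
    if not p.path.endswith("/federationmetadata.xml"):
        problems.append("path does not end in federationmetadata.xml")
    return problems


def parse_federation_metadata(xml_text: str) -> dict:
    """Extract entity ID, tenant ID, signing cert fingerprints and SSO endpoints."""
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID", "")
    m = re.match(r"^https://sts\.windows\.net/([0-9a-f-]{36})/$", entity_id)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not an identity-provider metadata document")
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' is valid for both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iter(f"{{{NS['ds']}}}X509Certificate"):
            der = base64.b64decode("".join(cert.text.split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    sso = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        sso[svc.get("Binding").rsplit(":", 1)[-1]] = svc.get("Location")
    return {
        "entity_id": entity_id,
        "tenant_id": m.group(1) if m else None,
        "signing_cert_sha256": fingerprints,
        "sso": sso,
    }


def verify_metadata(xml_text: str, expected_tenant_id: str):
    """Parse the document and report anything that should stop you pasting the URL."""
    info = parse_federation_metadata(xml_text)
    problems = []
    if info["tenant_id"] != expected_tenant_id.lower():
        problems.append(f"entity ID {info['entity_id']!r} is not for the expected tenant")
    if not info["signing_cert_sha256"]:
        problems.append("no signing certificate: SAML assertions could not be verified")
    for binding, location in info["sso"].items():
        if not location.startswith("https://login.microsoftonline.com/"):
            problems.append(f"{binding} SSO endpoint {location!r} is not an Entra endpoint")
    return info, problems


if __name__ == "__main__":
    url = f"https://login.microsoftonline.com/{SAMPLE_TENANT}/federationmetadata/2007-06/federationmetadata.xml"
    print("URL problems:", check_metadata_url(url, SAMPLE_TENANT))
    info, problems = verify_metadata(SAMPLE_METADATA, SAMPLE_TENANT)
    print("tenant:", info["tenant_id"], "signing certs:", info["signing_cert_sha256"])
    print("document problems:", problems)
```

Against a live tenant you would fetch the document with any HTTPS client and pass the response body to verify_metadata; the signing certificate fingerprints it prints are the ones that should appear on the Entra app's certificate page, and a change in them after a key rollover is the reason Certero needs the URL rather than a pasted copy of the certificate.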

Logins can now be created by selecting 'External Account' and entering the user's email address in 'Username'. The address must match exactly the user identifier that Entra sends in the SAML assertion for that user, otherwise the login will not be matched. By default any user in your tenant can complete the Entra sign-in; to limit who can use the application, set 'Assignment required?' to Yes under Enterprise applications > your app > Properties and assign the permitted users or groups.