For organizations preferring to streamline access management, Atomic provides Single Sign-On (SSO) capabilities, enhancing both security and user experience. In this guide, we’ll walk you through setting up Microsoft Entra ID (formerly Azure AD) as your identity provider for seamless authentication into the Atomic control panel.
Note: Atomic SSO is a plan add-on. Make sure to contact support to add it before proceeding with these steps.
Initial Setup in Atomic
Before configuring Microsoft Entra ID, the SSO feature must be activated within Atomic.
- Start by logging into the Atomic control panel as an Account Owner, Super-Admin, or Sub-Admin.
- On the left side of the screen, select Team.
- Select the Settings tab.
- Select the Begin Setup button to get started.
- On the next screen, you'll be presented with the values that you'll need to provide to your SSO provider. If you're already familiar with the SAML setup process, everything you need is listed here, under the same names that most identity providers use.
In the next section, we'll go over how to create a new app integration using the values provided from within Atomic. Be sure to keep this screen open in a separate browser tab, as you'll need the information later.
Configuring a New Pagely App Integration in Microsoft Entra ID
Now that we have the integration values from Atomic, it's time to add the app to Microsoft Entra ID.
- Sign in to the Azure Portal and navigate to the Microsoft Entra ID section.
- Select Enterprise Applications.
- Select New Application.
- Select Create your own application.
- Provide a name for the application, such as “Atomic Control Panel”, and select the Non-gallery option.
- Select Create to finish.
Add Users/Groups to the New App
If you’re new to Microsoft Entra ID, make sure you’ve created the relevant users and groups for your organization before proceeding, as these steps will assume they are already available to select.
- Within the new app, select Users and groups from the left-side menu.
- Select Add user/group.
- Select the Users and groups tab.
- Search for the users and groups you want to add to the application, then select them from the list.
- Once you’ve finished your selections, click on Select.
- Click on Assign to finalize your changes.
Set Up Single Sign-On
- Inside the application, select Single sign-on.
- Choose SAML as the method.
- Select Edit next to Basic SAML Configuration.
- Use the information from Atomic to enter the following:
  - Enter the Audience URI for the Identifier (Entity ID) field.
  - Enter the Single Sign On URL for the Reply URL (Assertion Consumer Service URL) field.
  - Enter your Atomic account URL for the Relay State field (https://atomic.pagely.com/account/#####).
- Select Save.
Attribute Statements and Obtaining Metadata for Atomic
- Select Edit in the Attributes & Claims section.
- Edit the user email claim (/emailaddress) to set its source attribute value to user.userprincipalname, then select Save.
- Finally, copy the App Federation Metadata URL in the SAML Certificates section. You'll need this for completing the final setup in Atomic.
Completing the Setup in Atomic
- Return to the SSO setup area in the Atomic control panel.
- Enter a name you’ll recognize for the identity provider, such as “Entra ID”.
- Paste the Federation Metadata URL from Microsoft Entra ID into the Metadata URL field and select Continue Setup.
- Select Complete Setup, finalizing your configuration of Microsoft Entra ID as your identity provider for the Atomic control panel.
Note: At this time, the test URL may not work as intended. We recommend testing your new setup by signing into Atomic in a new private browsing session.
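When a test sign-in fails, the SAMLResponse form field that the browser posts to the Single Sign On URL can be compared against the values entered above. The following is an added example, not part of Atomic's or Microsoft's documentation; the `sp.example.invalid` URLs are placeholders for the values shown on the Atomic setup screen, and the function names and sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Placeholders: copy the real values from the Atomic SSO setup screen.
AUDIENCE_URI = "https://sp.example.invalid/saml/metadata"
SSO_URL = "https://sp.example.invalid/saml/acs"

def sample_response(audience, recipient, email):
    """Constructed, unsigned stand-in for a captured SAMLResponse (base64)."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}" Destination="{recipient}">
<saml:Assertion>
<saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{recipient}"/></saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><saml:AttributeValue>{email}</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

def check_response(b64_response, audience_uri, sso_url):
    """List mismatches between a SAMLResponse and the Basic SAML Configuration.
    Inspection only: signatures and validity windows are not verified here."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    # Identifier (Entity ID) in Entra must equal Atomic's Audience URI.
    audiences = [e.text.strip() for e in root.findall(".//a:Audience", NS) if e.text]
    if audience_uri not in audiences:
        problems.append(f"Audience {audiences} != Identifier (Entity ID)")
    # Reply URL in Entra must equal Atomic's Single Sign On URL.
    recipients = [e.get("Recipient")
                  for e in root.findall(".//a:SubjectConfirmationData", NS)]
    if root.get("Destination") != sso_url or sso_url not in recipients:
        problems.append("Destination/Recipient != Reply URL")
    # The email claim is matched on its /emailaddress suffix, as the page names it.
    emails = [v.text.strip() for attr in root.findall(".//a:Attribute", NS)
              if attr.get("Name", "").endswith("/emailaddress")
              for v in attr.findall("a:AttributeValue", NS) if v.text]
    if not emails:
        problems.append("no /emailaddress claim in the assertion")
    elif any("@" not in e for e in emails):
        problems.append(f"/emailaddress value is not an address: {emails}")
    return problems

if __name__ == "__main__":
    sample = sample_response("https://wrong.example.invalid", SSO_URL, "jane@example.com")
    print(check_response(sample, AUDIENCE_URI, SSO_URL))
```

An empty list means the response matches what was configured; each string in a non-empty list names the Entra field to recheck.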