If you want to set up SSO with other solutions such as OneLogin, Okta, etc., please check out this article instead.
1. Log in to your Teramind Dashboard.
2. Click the Gear icon near the top-right corner of the Dashboard and select Settings. Then, select the Security tab:
3. Turn on the SINGLE-SIGN-ON AUTHENTICATION under the Dashboard authentication section. This will show additional options under the Single Sign On Authentication section.
4. Note/copy the information in the TERAMIND CALL BACK URL and TERAMIND ENTITY ID fields. You will need them to set up the Azure configuration later (Step 16).
5. Log in to your Microsoft Azure Portal.
6. Search for Enterprise applications from the top Search Bar and select Enterprise applications:
7. Click the +New application button:
8. From the Browse Microsoft Entra Gallery screen, click the +Create your own application button, enter a name like 'Teramind Single Sign-On', then click the Create button:
9. From the Overview screen, click the Assign users and groups link:
10. From the Users and groups screen, click the +Add user/group button:
11. From the Add Assignment screen, click the None Selected link:
12. From the Add Assignment screen, under the Users panel, select the users that will need SSO access by clicking the checkboxes in front of their names. Then click the Select button:
13. From the Add Assignment screen, click the Assign button:
14. From the Single sign-on screen, click the Single sign-on link on the left panel and select the SAML option:
15. From the SAML-based Sign-on screen, under the Basic SAML Configuration section, click the Edit icon:
16. From the Basic SAML Configuration screen, click the Add identifier and the Add reply URL links and enter the TERAMIND ENTITY ID (as the identifier) and the TERAMIND CALLBACK URL (as the reply URL) from your Teramind Dashboard (Step 4). Click the Save button and close the right panel:
17. From the SAML-based Sign on screen, click the Edit icon under the Attributes & Claims section:
18. From the Attributes & Claims screen, remove the user.principalname… value from the Additional claims list by clicking on the ··· three dot menu then the Delete button.
It should look like the screenshot below. Click the X at the top-right corner to close the Attributes & Claims screen.
19. From the SAML Certificates screen, click the Certificate (Base 64) Download link and open that file in Notepad:
20. Copy the entire certificate, including the header and footer, and paste it into your Teramind server in the Settings > Security > Single Sign-On section > IDENTITY PROVIDER CERTIFICATE field:
21. On your Azure Portal, from the SAML-based Sign-on screen, select the Single sign-on option on the left panel. Then, under the Set up Single Sign-On section, copy the Login URL value:
22. Paste/enter the Login URL you copied in the previous step into the Identity Provider Authentication URL field on the Teramind Dashboard:
23. On your Azure Portal, from the SAML-based Sign-on screen, select the Single sign-on option on the left panel. Then, under the Set up Single Sign-On section, copy the Microsoft Entra Identifier value:
24. Paste/enter the Microsoft Entra Identifier you copied in the previous step into the IDENTITY PROVIDER ENTITY ID field on the Teramind Dashboard:
25. On the Teramind Dashboard, ensure that SIGN AUTHORIZATION REQUESTS and WANT ASSERTIONS SIGNED are both checked, then click SAVE.
26. On the Teramind Dashboard, under the employee’s profile (click Employees > select an employee > EDIT PROFILE button), ensure that the FIRST NAME, LAST NAME and EMAIL match what is configured for the user on the Azure Portal (Step 12):
You should now be able to authenticate to your Teramind Dashboard via Azure SSO. To debug, you can use a tool like the SAML-tracer* extension to verify if the SAML traffic is showing the correct SAML assertions and certificate.
*This is an external link. The link is being provided as a convenience and for informational purposes only; it does not constitute an endorsement or an approval by Teramind. Teramind bears no responsibility for the accuracy, legality or content of the external site or for that of subsequent links. Contact the external site for answers to questions regarding its content.
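To compare a SAMLResponse captured with SAML-tracer against the values entered in Steps 16 to 24, the following added example (not Teramind's or Microsoft's code) decodes the response and checks its Issuer, Audience, Recipient and embedded certificate against the configured settings. The function names, sample URLs and certificate body are constructed placeholders; the script checks configuration consistency only and does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample values (assumptions, not real tenant or Teramind data).
IDP = "https://idp.example.com/id"            # Microsoft Entra Identifier
SP = "https://teramind.example.com/entity"    # TERAMIND ENTITY ID
ACS = "https://teramind.example.com/callback" # TERAMIND CALLBACK URL
PEM = "-----BEGIN CERTIFICATE-----\nTUlJQ29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----"

def pem_body(pem):
    """Base64 body of a PEM certificate without header, footer or whitespace."""
    return "".join(l.strip() for l in pem.strip().splitlines() if "-----" not in l)

def check_response(b64_response, idp_entity_id, sp_entity_id, callback_url, idp_cert_pem):
    """Return a list of mismatches between a captured SAMLResponse and the SSO settings."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion in response"]
    def text(path):
        node = assertion.find(path, NS)
        return (node.text or "").strip() if node is not None else None
    problems = []
    if text("a:Issuer") != idp_entity_id:
        problems.append("Issuer != IDENTITY PROVIDER ENTITY ID")
    if text("a:Conditions/a:AudienceRestriction/a:Audience") != sp_entity_id:
        problems.append("Audience != TERAMIND ENTITY ID")
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != callback_url:
        problems.append("Recipient != TERAMIND CALLBACK URL")
    cert = text("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate")
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")
    elif cert is None or "".join(cert.split()) != pem_body(idp_cert_pem):
        problems.append("embedded certificate != IDENTITY PROVIDER CERTIFICATE")
    return problems

def sample_response(audience):
    """Build a constructed, base64-encoded SAMLResponse for demonstration."""
    xml = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}">
<a:Assertion><a:Issuer>{IDP}</a:Issuer><ds:Signature><ds:KeyInfo><ds:X509Data>
<ds:X509Certificate>{pem_body(PEM)}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
<a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{ACS}"/>
</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>
<a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>"""
    return base64.b64encode(xml.encode()).decode()
```

An empty list from `check_response` means the captured values line up with the settings; each string in a non-empty list names the Teramind field that disagrees with the response.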