This document covers step two of the Single sign-on (SSO) setup process, and shouldn’t be completed independently.
  1. Log in to the Microsoft Azure portal, and click Microsoft Entra ID.
  2. At the top of the Overview page, click the Add menu, and select Enterprise application.
  3. At the top of Browse Microsoft Entra Gallery, click Create your own application.
  4. Enter a name for the application, such as Matillion, and select the Integrate any other application you don’t find in the gallery (Non-gallery) radio button.
  5. Expand the Manage section on the left, and click Single sign-on.
  6. Click the SAML tile to select SAML as the single sign-on method.
  7. Click the Edit button on the Basic SAML Configuration card.
  8. Enter the following, and click Save:
    • Identifier: urn:auth0:matillion:[domain]-saml, replacing [domain] with your primary email domain and converting any special characters to dashes. For instance, example.com would become urn:auth0:matillion:example-com-saml.
    • Reply URL: https://id.matillion.com/login/callback.
    • Sign on URL: https://app.matillion.com.
    The Relay State will be provided by Matillion later, and will be added here before testing. No other configuration should be changed at that stage.
  9. Click the Edit button on the User Attributes & Claims card.
  10. Under Claim name, click anywhere in the Unique User Identifier (Name ID) row, except the menu, to edit it.
  11. Change the claim to something unique and immutable for each user, such as user.employeeid, and click Save.
    The default value, user.principalname, is typically an email address and shouldn’t be used. The value selected here is used internally by the identity provider (as the sub claim) to uniquely identify users. It’s never visible in either system, and regardless of this setting, users will always sign in using their email address. Leaving the default value in place can cause issues if it changes in the future. In that case, Matillion would treat the user as a new account, resulting in the loss of the original user profile. Any value that is both unique to each user and guaranteed not to change can be used. Because each setup is different, Matillion cannot provide guidance on creating a unique claim in Entra ID. However, the exact value being sent can be verified during the testing phase, before the configuration is activated and affects user logins.
  12. At the top of Attributes & Claims, click Add new claim.
  13. Set the Name of the claim to email_verified, type the word “true” in the Source attribute box, then select true from the drop-down, and click Save. This ensures that users aren’t prompted to verify their email address with Matillion.
  14. Click the browser back button twice to return to the Single sign-on page.
  15. Click Download on the Certificate (Base64) row of the SAML Certificates card, and save it somewhere you can refer to later.
  16. Copy and make a note of the Login URL from the Set up [Application name] card.
  17. Select Users and groups from the menu on the left, and at the top, click Add user/group.
  18. Click None selected in the Users and groups section.
  19. Search for and add the users and groups that you want to allow to sign in to Matillion.
  20. Continue the steps in Single sign-on (SSO) setup.
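
The claim settings from steps 8 to 13 can be checked against a decoded SAML assertion captured during the testing phase. The following is an added example, not Matillion or Microsoft code: it inspects claims only and does not validate the signature. It assumes that "special characters" means anything other than letters and digits, that the Identifier appears as the assertion's Audience, and the function names and sample values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def expected_identifier(domain):
    # Assumption: "special characters" means anything other than letters and digits.
    return "urn:auth0:matillion:" + re.sub(r"[^A-Za-z0-9]", "-", domain) + "-saml"

def check_assertion(xml_text, domain):
    """Return findings; an empty list means the claims match the settings above."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("refusing XML with DTD or entity declarations")
    root = ET.fromstring(xml_text)
    findings = []
    name_id = (root.findtext(".//saml:Subject/saml:NameID", "", NS) or "").strip()
    if not name_id:
        findings.append("NameID missing")
    elif "@" in name_id:
        findings.append("NameID looks like an email/UPN: " + name_id)
    audience = (root.findtext(".//saml:Audience", "", NS) or "").strip()
    if audience != expected_identifier(domain):
        findings.append("Audience is %r, expected %r" % (audience, expected_identifier(domain)))
    verified = None
    for attr in root.iterfind(".//saml:Attribute", NS):
        # The claim name may carry a namespace URI prefix; compare the last segment.
        if attr.get("Name", "").rsplit("/", 1)[-1] == "email_verified":
            verified = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
    if verified != ["true"]:
        findings.append("email_verified is %r, expected ['true']" % (verified,))
    return findings

def sample_assertion(name_id, audience, verified):
    # Constructed sample, unsigned and trimmed to the elements checked here.
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Subject><saml:NameID>%s</saml:NameID></saml:Subject>"
        "<saml:Conditions><saml:AudienceRestriction><saml:Audience>%s</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>"
        '<saml:Attribute Name="email_verified"><saml:AttributeValue>%s'
        "</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>"
        "</saml:Assertion>" % (name_id, audience, verified)
    )

if __name__ == "__main__":
    good = sample_assertion("E1024", expected_identifier("example.com"), "true")
    bad = sample_assertion("jane@example.com", "urn:other", "false")
    print(check_assertion(good, "example.com"))
    for finding in check_assertion(bad, "example.com"):
        print("FINDING:", finding)
```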