
SAML2 Authentication with Azure Active Directory

Enable secure Single Sign-On (SSO) and automatic user provisioning using Microsoft Azure AD (Entra ID).

Screenloop supports SAML2 authentication through Azure Active Directory, allowing your organisation to centralise access management and simplify onboarding for users.

Who can use this?

  • Screenloop Admin users

  • Organisations using Azure Active Directory (Entra ID)

Before you begin

Make sure you have:

  • Admin access in Screenloop

  • Admin access to Azure Portal

  • Permission to create Enterprise Applications in Azure


Enable SAML2 Authentication in Screenloop

  • Go to Settings > Authentication

  • Select SAML2 provider for automatic sign-up

This allows users in your organisation to authenticate through Azure AD.


Create an Enterprise Application in Azure

In Azure Portal:

  • Navigate to Enterprise Applications

  • Click New Application

  • Select Create your own application

  • Enter the application name: Screenloop

  • Choose: Integrate any other application you don't find in the gallery (Non-gallery)

Microsoft may take up to 2 minutes to create the application.


Configure Users and Groups

Inside the new application:

  • Assign the users and/or groups who should access Screenloop


Configure Single Sign-On (SAML)

  • Open Single Sign-On

  • Select SAML

Basic SAML Configuration

Click Edit and enter:

Identifier (Entity ID)

https://app.screenloop.com/auth/saml/metadata

Reply URL (Assertion Consumer Service URL)

https://app.screenloop.com/auth/saml/auth


Configure Claims

Under Attributes & Claims, add the following custom claims.

  Field              Value
  Name               first_name
  Name format        Omitted (default)
  Source             Attribute
  Source attribute   user.givenname

  Field              Value
  Name               last_name
  Name format        Omitted (default)
  Source             Attribute
  Source attribute   user.surname


Download Federation Metadata XML

  • Download the Federation Metadata XML file from Azure

  • This file will be uploaded into Screenloop


Configure SSO in Screenloop

In Screenloop:

  • Go to Settings > Authentication

  • Open SSO via SAML2

  • Click Upload File

  • Upload the Federation Metadata XML file


Enable Just-In-Time Provisioning

After uploading the XML file:

  • Enable Just In Time Provisioning

This automatically creates user accounts when users sign in for the first time using SSO.

This reduces manual onboarding work for Admins.


Test the Integration

Back in Azure Portal:

  • Open the Screenloop Enterprise Application

  • Click Test

  • Select Test Single Sign-On with Screenloop

If login succeeds, the integration has been configured correctly.
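If the test login fails, the quickest check is to look at the SAML Response Azure sent and compare it with the values entered in this guide. The script below is an added example, not Screenloop or Microsoft code: it takes the base64-decoded SAMLResponse XML and reports a mismatched Entity ID, a mismatched Reply URL, or missing first_name / last_name claims. The function names, the sample response and the example.invalid audience are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values from the Basic SAML Configuration and Configure Claims steps of this guide.
ENTITY_ID = "https://app.screenloop.com/auth/saml/metadata"
REPLY_URL = "https://app.screenloop.com/auth/saml/auth"
REQUIRED_CLAIMS = ("first_name", "last_name")

def check_response(xml_text):
    """List configuration problems in a decoded SAML Response (diagnostic, no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != REPLY_URL:
        problems.append("Destination does not match the Reply URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not match the Entity ID")
    recipients = [c.get("Recipient")
                  for c in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if REPLY_URL not in recipients:
        problems.append("Recipient does not match the Reply URL")
    claims = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        claims[attr.get("Name")] = values
    for name in REQUIRED_CLAIMS:
        if not claims.get(name):
            problems.append(f"claim {name} is missing or empty")
    return problems

def sample_response(audience=ENTITY_ID, reply_url=REPLY_URL, claims=None):
    """Build a constructed, unsigned Response for demonstration (not real Azure output)."""
    claims = {"first_name": "Ada", "last_name": "Lovelace"} if claims is None else claims
    attrs = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        "</saml:Attribute>" for k, v in claims.items())
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'Destination="{reply_url}"><saml:Assertion><saml:Subject>'
        f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{reply_url}"/>'
        "</saml:SubjectConfirmation></saml:Subject><saml:Conditions>"
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>")

if __name__ == "__main__":
    print(check_response(sample_response(audience="https://example.invalid/metadata")))
```

An empty list means the Response carries the Entity ID, Reply URL and claims this guide configures; run it only on responses captured from your own tenant's test login.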


Existing Users

Existing Screenloop users will automatically authenticate using Azure AD once enabled.

No new account creation or migration is required.


Important Notes

  • An incorrect Entity ID or Reply URL will prevent login from working

  • Admin permissions are required in both Azure and Screenloop

  • Users must be assigned to the Enterprise Application in Azure

  • JIT provisioning automatically creates accounts for first-time users

Recommended Best Practices

  • Use Azure groups to manage Screenloop access at scale

  • Test with a small pilot group before organisation-wide rollout

  • Keep your metadata XML updated if Azure certificates rotate

  • Enable JIT provisioning to streamline onboarding
