Azure AD

This article describes how to configure logging in with SAML.

General requirements and limitations

Logging into Xopero ONE using SAML-integrated identity providers should be initiated from the Xopero ONE panel.

Do not log in from the IdP panel (e.g. from the Okta panel) to the application defined for Xopero ONE.

Do not test the integration from the IdP panel (e.g., from the Azure panel), as this will initiate a login from the IdP panel.

Configuration

To set up SAML integration for Xopero ONE, log in to portal.azure.com, select Azure Active Directory and click Enterprise applications.

Use the New application button and then Create your own application.

Enter a custom name for the app and select Integrate any other application you don’t find in the gallery (Non-gallery).

Confirm the configuration with the Create button.

Open the Single sign-on tab and select SAML.

Set up Basic SAML configuration by using the Edit button.

Set a unique Identifier, e.g. SAMLTestAzure

Reply URL to https://XoperoONEManagementServiceURL/Auth/AssertionConsumerService

Logout URL to https://XoperoONEManagementServiceURL/auth/SAMLLogoutResponse where:

XoperoONEManagementServiceURL - URL address to your Xopero ONE Management Service

After that, use the Save button.

Click the Edit button next to Attributes & Claims and use the Add a group claim button.

Select All groups and go to Advanced options. Check the Filter group box and fill in the fields as follows:

Attribute to match: Display name
Match with: Prefix
String: XONE

After that, check the box next to the Customize the name of the group claim option. Enter xoperogroup in the Name field and save your settings using the Save button.

Go back to the SAML-based Sign-on page and copy the App Federation Metadata Url.

After saving these settings, open the Users and groups tab and click the Add user/group button, select the users that you want to be able to log into the Xopero ONE application, and save your settings.

Xopero ONE side

Log into the Xopero ONE Web panel, go to the Settings tab and open the External Identity Providers section. Click the Add new provider button and fill in the details.

First, enter Name, which is your own custom name (e.g. Azure AD), then Entity ID, which in this example is SAMLTestAzure (the Identifier that we’ve set on the Azure AD side).

Next, paste the App Federation Metadata Url (in the case of Azure AD) into the Metadata URL field.
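
To confirm that both sides agree once the steps above are done, the following added example (not Xopero or Microsoft code) compares a decoded SAML assertion with the Identifier, Reply URL and group claim name used in this guide. The sample assertion, its group value and the function names are constructed for illustration; the script does not validate the XML signature.

```python
# Added example: consistency check of a decoded SAML assertion, no signature validation.
# For untrusted XML, parse with defusedxml instead of the standard library.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values from this guide; BASE_URL is the placeholder for your Management Service URL.
BASE_URL = "https://XoperoONEManagementServiceURL"
ENTITY_ID = "SAMLTestAzure"
REPLY_URL = BASE_URL + "/Auth/AssertionConsumerService"
GROUP_CLAIM = "xoperogroup"

# Constructed sample assertion (not captured from a real tenant).
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="{REPLY_URL}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{ENTITY_ID}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{GROUP_CLAIM}">
      <saml:AttributeValue>constructed-group-value-1</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def group_values(root, claim=GROUP_CLAIM):
    """Collect the values carried by the custom group claim."""
    xpath = f".//saml:Attribute[@Name='{claim}']/saml:AttributeValue"
    return [v.text for v in root.iterfind(xpath, NS)]


def check_assertion(xml_text, entity_id=ENTITY_ID, reply_url=REPLY_URL, claim=GROUP_CLAIM):
    """Return a list of mismatches between the assertion and the configured values."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks Identifier {entity_id!r}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        problems.append(f"Recipient {recipients} differs from Reply URL {reply_url!r}")
    if not group_values(root, claim):
        problems.append(f"No values in claim {claim!r}; check group filter and claim name")
    return problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE) or "assertion matches the configured values")
```

An empty group claim usually means the signing-in user is not a member of any group that passes the XONE prefix filter, or the claim name was not customized to xoperogroup.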
