SSO Implementation in Azure (Microsoft)

Prerequisites:

Before configuring SSO, it is essential to ensure the following:

  • Have a ZapSign account and make sure you have an administrator user. To validate your user's permission level, click here.
  • Have a custom plan to have the SSO functionality enabled. If this functionality is not enabled, contact the sales team by clicking here.
  • An administrator user in Azure.

SSO Configuration:

  1. In the ZapSign account, go to the "Settings > Organization > Users" section, enable the switch to the right of the Single Sign-On (SSO) title, and click on the "Configure SSO" button.
  2. In step 1 of the ZapSign configuration, copy the metadata URL (https://api.zapsign.com.br/saml2/metadata/) which will be used later in Azure.
  3. In Azure, create a new "Enterprise application" or click on an existing one.
    1. When creating a new application, select the option "Integrate any other application you don't find in the gallery".
    2. Select the second option "Set up single sign on" and the "SAML" method.
  4. After selecting the application, click on the "Single Sign-on" option in the left sidebar.
  5. In Azure, in the first step "Basic SAML Configuration", click on "Edit". In "Identifier (Entity ID)", paste the ZapSign value from step 1 of metadata. And in Reply URL (Assertion Consumer Service URL), paste the following link: https://api.zapsign.com.br/saml2/acs/
  6. In step 3 of Azure, copy the "App Federation Metadata URL" field.

  7. In the second step of ZapSign (Load Provider Metadata), paste the URL you copied from point 2.
  8. In ZapSign, in step 3, define the organization ID. Users who are going to log in to ZapSign must know this ID to be redirected to Microsoft and sign in. To define it, click on the "Define Organization Login ID" button.
  9. Click on the "Save settings" button and the information will be sent to the ZapSign technical team to enable SSO on the account. The configuration will be active after 7 business days and will be confirmed by email.

Note: Once the account has SSO configured, users will not be able to log in using any other method.