Configuring Entra ID for SAML

You can read the full configuration tutorial from Microsoft here.

Configuration

1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
2. Browse to Identity > Applications > Enterprise applications > New application.
3. In the Add from the gallery section, type Microsoft Entra SAML Toolkit in the search box.
4. Select Microsoft Entra SAML Toolkit from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

‍

Toolkit Configuration

1. Input Reply URL (Assertion Consumer Service URL) (see below for instructions)
2. Input Sign-On URL (see below for instructions)
3. Input Identifier (Entity ID): should be matched with the Issuer on the Admin site.
4. Claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name should match with Unique Identifier in the Checkbox application.
5. Add People and Groups to the Application

‍

Constructing the Reply URL

‍

Checkbox Online

The URL should take the following format:

https://{api-host}/v1/{account-name}/saml/assertion-consumer-service

Where the variables are defined as follows:

• {account-name} - the name of the account that you used on the login page.
• {api-host} - the hostname, depends on region:
  • US - api.checkbox.com
  • CA - api.checkbox.ca
  • EU - api.ckbxeu.com
  • AU - api.checkboxau.com

‍

Checkbox On-Premises

The URL should take the following format:‍

https://{api-host}/v1/saml/assertion-consumer-service

Where {api-host} is the hostname used for your On-Premises installation of Checkbox.

‍

Constructing the Sign-On URL

Unnecessary, but it is used for testing the connection from Toolkit.

‍

Checkbox Online

The URL should take the following format:

https://{api-host}/v1/{account-name}/saml/init-sso?returnUrl=https://{admin-host}/login?saml_token=saml_token_value

Where the variables are defined as follows:

• {account-name} - the name of the account that you used on the login page.
• {api-host} - the hostname, depending on region:
  • US - api.checkbox.com
  • CA - api.checkbox.ca
  • EU - api.ckbxeu.com
  • AU - api.checkboxau.com
• {admin-host} - the hostname of Admin application, depending on the region.
  • US - app.checkbox.com‍
  • CA - app.checkbox.ca
  • EU - app.ckbxeu.com
  • AU - app.checkboxau.com

‍

Checkbox On-Premises

The URL should take the following format:

https://{api-host}/v1/saml/init-sso?returnUrl=https://{admin-host}/login?saml_token=saml_token_value

Where the variables are defined as follows:

• {api-host} - the hostname of the Survey application
• {admin-host} - the hostname of the Admin application

‍

Properties of Entra ID Configuration

Metadata URL

Issuer

Signature algorithm

‍