Configure SSO with Microsoft Entra ID

This guide covers the configuration steps required to integrate NeoLoad Web with Microsoft Entra ID. It's designed for collaboration between IdP administrators and NeoLoad Web administrators.

For general SSO concepts and additional configuration options, check out Single Sign-On.

Before you start

Make sure you meet the following prerequisites:

  • Administrative access to your Microsoft Entra ID tenant (opens in new tab).

  • Administrative access to NeoLoad Web.

  • The NeoLoad Web domain URL where users will access the application.

  • Understanding of SAML 2.0 authentication concepts.

Configure Microsoft Entra ID

To integrate NeoLoad Web with Microsoft Entra ID, add NeoLoad Web as an enterprise application. For information on how to create applications in Microsoft Entra ID, check out the Microsoft Entra ID documentation (opens in new tab).

For NeoLoad Web, configure the following:

  • Identifier (Entity ID): Set to a unique value that you'll use in NeoLoad Web.

  • Reply URL (Assertion Consumer Service URL): Set to https://<your-NLW-domain>/sso/saml.

  • Sign on URL: Set to your NeoLoad Web login page.

  • firstName claim: Map to user.givenname.

  • lastName claim: Map to user.surname.

Configure NeoLoad Web

After configuring Microsoft Entra ID, set up the SSO configuration in NeoLoad Web:

  1. Sign in to NeoLoad Web as an administrator and go to Settings > SSO configuration.

  2. In the Service provider configuration section, configure the following:

    • Service provider entity ID: Set to match the identifier you configured in Microsoft Entra ID.

    • Configure any required certificates and private keys for signing or encryption in PEM format.

    • Always require authentication: Enable if you want users to authenticate each time.

  3. Select Save, then select Edit IdP metadata and paste the SAML metadata content from Microsoft Entra ID.

  4. Select Test SAML request generation to validate the setup.

  5. Enable the Enable SSO toggle. Double-check that the status badge shows Active (green), otherwise SSO won't function properly.

Configure auto-provisioning

After completing the SSO configuration, you can control whether new users are automatically created when they first authenticate through Microsoft Entra ID.

  1. Select the Auto-provisioning tab.

  2. Toggle Enable auto-provisioning of SSO users:

    • Enabled: New Microsoft Entra ID users are automatically provisioned when they authenticate.

    • Disabled: Only existing users can authenticate via SSO.

Troubleshoot common issues

If you encounter problems during setup or testing, verify the following:

  • The Entity ID values match exactly between Microsoft Entra ID and NeoLoad Web.

  • The reply URL in Microsoft Entra ID matches your NeoLoad Web domain.

  • The required user attributes (firstName and lastName) are properly mapped in the SAML claims.

  • Users are assigned to the application in Microsoft Entra ID.

  • The SAML metadata you've pasted into NeoLoad Web is complete and accurate.