SSO Setup (Microsoft Entra / Azure AD)
Configure SAML 2.0 single sign-on between Microsoft Entra and Vrex
This page covers SAML 2.0 SSO setup between Microsoft Entra (Azure AD) and Vrex. Other identity providers (Okta, Google Workspace, etc.) are supported — contact admin@vixel.no for guidance on those.
Prerequisites
- Microsoft Entra access with rights to create enterprise applications
- Permission to manage your organisation’s domain configuration
- A Vrex account or a contact at Vrex
Step 1: Create a new enterprise application
- Go to the Microsoft Entra admin portal
- Navigate to Enterprise Applications → New Application
- Select Create your own application
- Name it Vrex (or Vrex SSO)
- Choose Integrate any other application you don’t find in the gallery (Non-gallery)
- Click Create
Step 2: Configure SAML
- In the new application, go to Single sign-on
- Select SAML as the sign-on method
- Click Edit on the Basic SAML Configuration section
- Enter the following values — use copy/paste to avoid typos:
| Field | Value |
|---|---|
| Identifier (Entity ID) | urn:amazon:cognito:sp:eu-central-1_FRYkSJ41S |
| Reply URL (ACS URL) | https://auth.vrex.no/saml2/idpresponse |
- Save the configuration
Step 3: Claims mapping
Under Attributes & Claims, click Edit. Confirm the following claims are present, or add them manually:
| Claim name | Value |
|---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.mail |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.givenname |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.surname |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userid | user.userprincipalname |
email is required. The name claims are strongly recommended for user display in sessions.
Step 4: Send to Vrex
- In the SAML configuration overview, copy the App Federation Metadata URL
- Email the following to admin@vixel.no:
Subject: SSO Setup — [Your Company Name]
Company name:
SSO app name:
Federation Metadata URL:
Email domain (e.g. company.com):
Vrex will configure their system to trust your Entra identity provider and confirm by reply. Expect a response within one business day.
Step 5: Enable SSO in Vrex admin
After Vrex confirms the configuration is active:
- Log in to the Vrex Client Admin Panel
- Go to App Clients → [Your Client App] → Edit managed login page configuration
- Enable the new identity provider (it will appear as
yourcompany-Entraor similar)
Your users can now sign in to Vrex with their Entra credentials. Accounts are created automatically on first login — no manual licence assignment needed.
Troubleshooting
| Symptom | Check |
|---|---|
| Login redirects back without signing in | Verify Entity ID and ACS URL are entered exactly — no trailing spaces |
| “User not found” after redirect | Confirm the email claim is mapped and the address matches a Vrex-enabled domain |
| SAML assertion error | Check that the Federation Metadata URL is the App Federation Metadata URL, not the directory-level URL |
| SSO option not appearing in Vrex login | Step 5 may not be complete — check the admin panel |
| Works for some users, not others | Confirm those users are assigned to the enterprise application in Entra |
Still stuck? Email admin@vixel.no with a description and any error messages.