Set up SSO for your organization

Skip to:

• Key terms & definitions
• Required information
• Setup guides for common providers
• Enable & configure SSO
• Troubleshooting tips

 

Key terms & definitions

Here are some common terms you may encounter when setting up SSO. 

Identity Provider (IdP): The system that verifies who you are.
Ex: Microsoft Entra (Azure AD), Google Workspace, Okta.

Service Provider (SP): The app you want to access — in this case, Passare.

Service Provider Issuer: Unique identifier for Passare in the SSO exchange.

Service Provider Entity ID: Identifier Passare expects your IdP to recognize when sending back the SAML response.

Identity Provider Sign-in URL / SSO URL: IdP endpoint where Passare sends users to log in.

X.509 Certificate: Security certificate provided by your IdP that Passare uses for verification.

NameID / User Identifier: The unique way your IdP identifies users — usually their email address.

 

Required information

To get started, you'll need to collect the following information from your identify provider (IdP) to enter into Passare's SSO settings:

• Service Provider Issuer 

• Identity Provider Sign-in URL
  Ex: https://your-company.microsoft.com/app/.../sso/saml

• Domains 

• User Identifier Format 

• Service Provider Entity ID 

• Public X.509 Certificate 

 

Setup guides for common providers

Find your identity provider (IdP) below to see a brief setup guide.

Microsoft Entra (Azure AD)

• Sign in to the Microsoft Entra (Azure AD) admin center and navigate to Enterprise Applications > New Application > Non-gallery / Custom.

• Choose SAML as the single sign-on method.

• Configure and record the Login URL, Identifier (Entity ID), Reply URL (Assertion Consumer Service URL), and download the Certificate (Raw).

• Enter those values into Passare's respective fields.

• See more details for Microsoft Azure AD setup here

Google Workspace

• In the Google Admin console, go to Apps > Web and Mobile Apps > Add App > Add custom SMAL app.
  

• Name your app (e.g. "Passare").

• Google will provide the SSO URL, Entity ID, and X.509 Certificate. Copy these values in the Passare's respective fields.

• Enter Passare's Entity ID / ACS URL into the Google setup to complete the trust. [CHECK]

• See more details for Google Workspace set up here

Okta

• Log in to the Okta Admin Console and navigate to Applications > Create App Integration > and choose SAML 2.0.

• Configure the Single Sign-on URL, Audience URI (Service Provider Entity ID), and obtain the X.509 Certificate in the Sign On tab.

• Copy these values into the respective Passare fields.

• See more details for Okta setup here

Other providers

If your IdP isn’t listed here, don’t worry — Passare supports any provider that uses the SAML protocol. Each provider will have its own instructions for finding the required values (Sign-in URL, Entity ID, Certificate, etc.).

We recommend reaching out to your IdP's support team or checking their documentation for the correct details. Once you have them, enter the values into Passare’s Authentication settings page.

 

Enable & configure SSO

After you've gathered the required information, go to your Passare settings.

Navigate to Organization > Authentication.

Toggle Single sign-on ON.

Enter the information from your IdP into the provided fields and click Save.

Test the SSO connection by logging out and attempting SSO login.

 

Troubleshooting tips

Mismatched Issuer/Entity IDs - Make sure they match what's in your IdP.

Expired Certificate - Update the X.509 certificate if authentication suddenly fails.

Case Sensitivity - Email addresses and identifiers are often case-sensitive.

 

 

Need help? Email us at support@passare.com or call (800) 692-5111.