Set up SSO for your organization
Learn how to enable and configure single sign-on (SSO) for your organization.
Skip to:
- Key terms & definitions
- Required information
- Setup guides for common providers
- Enable & configure SSO
- Troubleshooting tips
Passare supports Single sign-on (SSO) using SAML 2.0, allowing you to use your organization's identity provider (IdP) for faster, more secure authentication.
Key terms & definitions
Here are some common terms you may encounter when setting up SSO.
Identity Provider (IdP): The system that verifies who you are.
Ex: Microsoft Entra (Azure AD), Google Workspace, Okta.
Service Provider (SP): The app you want to access — in this case, Passare.
Service Provider Issuer: Unique identifier for Passare in the SSO exchange.
Service Provider Entity ID: Identifier Passare expects your IdP to recognize when sending back the SAML response.
Identity Provider Sign-in URL / SSO URL: IdP endpoint where Passare sends users to log in.
X.509 Certificate: Security certificate provided by your IdP that Passare uses for verification.
NameID / User Identifier: The unique way your IdP identifies users — usually their email address.
Required information
To get started, you'll need to collect the following information from your identify provider (IdP) to enter into Passare's SSO settings:
-
Service Provider Issuer
-
Identity Provider Sign-in URL
Ex: https://your-company.microsoft.com/app/.../sso/saml -
Domains
-
User Identifier Format
-
Service Provider Entity ID
-
Public X.509 Certificate
Setup guides for common providers
Find your identity provider (IdP) below to see a brief setup guide.
If you don't see your provider listed below, visit their website or contact them directly for additional support.
Microsoft Entra (Azure AD)
-
Sign in to the Microsoft Entra (Azure AD) admin center and navigate to Enterprise Applications > New Application > Non-gallery / Custom.
-
Choose SAML as the single sign-on method.
-
Configure and record the Login URL, Identifier (Entity ID), Reply URL (Assertion Consumer Service URL), and download the Certificate (Raw).
-
Enter those values into Passare's respective fields.
Google Workspace
-
In the Google Admin console, go to Apps > Web and Mobile Apps > Add App > Add custom SMAL app.
-
Name your app (e.g. "Passare").
-
Google will provide the SSO URL, Entity ID, and X.509 Certificate. Copy these values in the Passare's respective fields.
-
Enter Passare's Entity ID / ACS URL into the Google setup to complete the trust. [CHECK]
Okta
-
Log in to the Okta Admin Console and navigate to Applications > Create App Integration > and choose SAML 2.0.
-
Configure the Single Sign-on URL, Audience URI (Service Provider Entity ID), and obtain the X.509 Certificate in the Sign On tab.
-
Copy these values into the respective Passare fields.
Other providers
If your IdP isn’t listed here, don’t worry — Passare supports any provider that uses the SAML protocol. Each provider will have its own instructions for finding the required values (Sign-in URL, Entity ID, Certificate, etc.).
We recommend reaching out to your IdP's support team or checking their documentation for the correct details. Once you have them, enter the values into Passare’s Authentication settings page.
Enable & configure SSO
After you've gathered the required information, go to your Passare settings.
Navigate to Organization > Authentication.
Toggle Single sign-on ON.
Enter the information from your IdP into the provided fields and click Save.
Test the SSO connection by logging out and attempting SSO login.
Troubleshooting tips
Mismatched Issuer/Entity IDs - Make sure they match what's in your IdP.
Expired Certificate - Update the X.509 certificate if authentication suddenly fails.
Case Sensitivity - Email addresses and identifiers are often case-sensitive.
Need help? Email us at support@passare.com or call (800) 692-5111.