Set up SSO for your organization
Learn how to enable and configure single sign-on (SSO) for your organization.
Skip to:
- Key terms & definitions
- Required information
- Setup guides for common providers
- Enable & configure SSO
- Troubleshooting tips
Passare supports Single sign-on (SSO) using SAML 2.0, allowing you to use your organization's identity provider (IdP) for faster, more secure authentication.
Key terms & definitions
Here are some common terms you may encounter when setting up SSO.
Identity Provider (IdP): The system that verifies who you are.
Ex: Microsoft Entra (Azure AD), Google Workspace, Okta.
Service Provider (SP): The app you want to access — in this case, Passare.
Service Provider Issuer: Unique identifier for Passare in the SSO exchange.
Service Provider Entity ID: Identifier Passare expects your IdP to recognize when sending back the SAML response.
Identity Provider Sign-in URL / SSO URL: IdP endpoint where Passare sends users to log in.
X.509 Certificate: Security certificate provided by your IdP that Passare uses for verification.
NameID / User Identifier: The unique way your IdP identifies users — usually their email address.
Required information
To get started, you'll need to collect the following information from your identify provider (IdP) to enter into Passare's SSO settings:
-
Service Provider Issuer
-
Identity Provider Sign-in URL
Ex: https://your-company.microsoft.com/app/.../sso/saml -
Domains
-
User Identifier Format
-
Service Provider Entity ID
-
Public X.509 Certificate
Setup guides for common providers
Find your identity provider (IdP) below to see a brief setup guide.
If you don't see your provider listed below, visit their website or contact them directly for additional support.
Microsoft Entra (Azure AD)
-
Sign in to the Microsoft Entra (Azure AD) admin center and navigate to Enterprise Applications > New application > Create your own application.
-
Type Passare in the "What's the name of your app?" field, then select "Integrate any other application you don't find in the gallery (non-gallery)." Click Create.
-
From the left menu, go to Users and groups > Add user/group, then click None Selected. Add any users/groups that need SSO support and click Assign.
- Next, go to Single sign-on in the left menu and select SAML. Click Edit under "Basic SAML Configuration." Add the identifier and reply URL, then Save.
- Identifier: "passare.com"
- Reply URL: “https://cap.passare.com/users/auth/saml/callback”
- Go to section 3, "SAML Certifications," and download the Certificate (Base64). This document contains most of the values you need for Passare's SSO setup.
- Go to section 4 and copy the Login URL. This will go in the "Identity provider sign in URL" field on Passare's Authentication page.
- Also in section 4, copy the Microsoft Entra Identifier. This will go in the "Service provider entity ID" field on Passare's Authentication page.
- Go to Passare > Settings > Organization > Authentication and enter the Certificate document values into their respective fields.
Google Workspace
-
In the Google Admin console, go to Apps > Web and Mobile Apps > Add App > Add custom SMAL app.
-
Name your app (e.g. "Passare").
-
Google will provide the SSO URL, Entity ID, and X.509 Certificate. Copy these values into Passare's respective fields.
Okta
-
Log in to the Okta Admin Console and navigate to Applications > Create App Integration > and choose SAML 2.0.
-
Configure the Single Sign-on URL, Audience URI (Service Provider Entity ID), and obtain the X.509 Certificate in the Sign On tab.
-
Copy these values into the respective Passare fields.
Other providers
If your IdP isn’t listed here, don’t worry — Passare supports any provider that uses the SAML protocol. Each provider will have its own instructions for finding the required values (Sign-in URL, Entity ID, Certificate, etc.).
We recommend reaching out to your IdP's support team or checking their documentation for the correct details. Once you have them, enter the values into Passare’s Authentication settings page.
Enable & configure SSO
After you've gathered the required information, go to your Passare settings.
Navigate to Organization > Authentication.
Enter the information from your IdP into the provided fields and click Save.
Toggle Single sign-on ON.
Test the SSO connection by logging out and attempting SSO login.
Troubleshooting tips
Mismatched Issuer/Entity IDs - Make sure they match what's in your IdP.
Expired Certificate - Update the X.509 certificate if authentication suddenly fails.
Case Sensitivity - Email addresses and identifiers are often case-sensitive.
Need help? Email us at support@passare.com or call (800) 692-5111.