Azure AD / Entra ID
Setting up SAML2.0 SSO with Azure AD / Microsoft Entra ID as an IdP for Currents
Enabling SSO affects all users of your organization: once SSO is enabled, users cannot sign in to Currents using a different authorization method.
Supported Features
SP-initiated SSO (Single Sign-On)
Just-In-Time provisioning
Setup Steps
Create Enterprise Application
Sign in to the Azure Portal
Navigate to Microsoft Entra ID (formerly Azure Active Directory)
Go to Enterprise applications > New application
Click Create your own application
Enter a name (e.g., "Currents") and select Integrate any other application you don't find in the gallery (Non-gallery)
Click Create
Configure SAML Single Sign-On
In your new application, go to Single sign-on in the left menu
Select SAML as the single sign-on method
In the Basic SAML Configuration section, click Edit and set:
Identifier (Entity ID)
urn:amazon:cognito:sp:us-east-1_Z9TVEnj0k
Reply URL (ACS URL)
https://auth.currents.dev/saml2/idpresponse
Click Save
Configure User Attributes and Claims
You must configure claim transformations as described below to ensure correct operation.
Azure AD may send email addresses with mixed-case characters, which the Currents authentication provider does not support.
Currents requires the Unique User Identifier (Name ID) to be the user's email address in lowercase.
Unique User Identifier (Name ID)
Configure Entra to send the user's lowercase email as the NameID attribute.
In the Attributes & Claims section, click Edit
Open the Unique User Identifier (Name ID) claim
Claim name: nameidentifier
Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims
Under Choose name identifier format, set Name identifier format to Persistent.
Under Source, select Transformation (not Attribute).
Set Transformation to ToLowercase with input user.mail; the portal displays this as ToLowercase (user.mail).
Click Save
Additional claims
Under Attributes & Claims, in Additional claims, click Add new claim for each row below. Use SAML as the claim type where the portal asks for it.
Claim name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Source: Transformation ToLowercase with source user.mail (shown as ToLowercase (user.mail)).
Claim name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: user.displayname
Use the ToLowercase transformation for email values so mixed-case addresses from Azure AD match Currents accounts.

Download Federation Metadata
In the SAML Certificates section, locate Federation Metadata XML
Click Download to save the metadata file
Open the downloaded XML file and verify it contains both HTTP-POST and HTTP-Redirect bindings:
<SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://login.microsoftonline.com/..." />
<SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://login.microsoftonline.com/..." />
Share Configuration with Currents
Contact Currents support ([email protected] or via in-app chat) and provide:
The downloaded Federation Metadata XML file
List of email domains your organization uses (e.g., @example.com, @example.org)
Currents support will configure your SSO integration and notify you when it's ready.
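The binding check from the Download Federation Metadata step can be scripted and run before the file is sent to support. This is an added example, not tooling from Currents or Microsoft; the sample metadata, the TENANT-ID-PLACEHOLDER value and the file name in the usage comment are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
REQUIRED_BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
}

# Constructed sample (not real tenant metadata): only HTTP-Redirect is present.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2" />
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def sso_bindings(metadata_xml):
    """Return {Binding: Location} for SingleSignOnService under IDPSSODescriptor."""
    try:
        # The file is your own tenant's download; for XML from an untrusted
        # source, parse with a hardened parser such as defusedxml instead.
        root = ET.fromstring(metadata_xml)
    except ET.ParseError as exc:
        raise ValueError(f"metadata is not well-formed XML: {exc}") from exc
    services = root.findall(".//md:IDPSSODescriptor/md:SingleSignOnService", NS)
    return {s.get("Binding"): s.get("Location") for s in services}


def missing_bindings(metadata_xml):
    """Return the required bindings that the metadata does not advertise."""
    return sorted(REQUIRED_BINDINGS - set(sso_bindings(metadata_xml)))


if __name__ == "__main__":
    # Usage: python check_metadata.py federationmetadata.xml (hypothetical file name)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:  # bytes: honours BOM and XML encoding
            xml_text = fh.read()
    else:
        xml_text = SAMPLE_METADATA
    missing = missing_bindings(xml_text)
    for binding in missing:
        print("MISSING:", binding)
    sys.exit(1 if missing else 0)
```

The script exits non-zero when either binding is absent, so it can gate a hand-off checklist.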
Assign Users
In your Enterprise application, go to Users and groups
Click Add user/group
Select the users or groups who should have access to Currents
Click Assign
Test the Integration
Once Currents support confirms the integration is active:
Navigate to https://app.currents.dev/login
Enter your email address and click Continue
You will be redirected to Microsoft's login page
After authenticating, you should be redirected back to the Currents dashboard
If you encounter errors, see Troubleshooting SSO.
Reference
For more details on SAML attribute configuration, see:
SAML2.0 Configuration — full SAML configuration reference
Microsoft Entra SAML Claims Customization — official Microsoft documentation on claim transformations