This guide walks you through configuring Single Sign-On (SSO) between ObservePoint and Azure Active Directory using SAML 2.0.
Prerequisites
Admin access to your Azure Active Directory account
Admin access to your ObservePoint account
Access to start an SSO configuration in ObservePoint
Step 1: Start SSO Configuration in ObservePoint
Log into ObservePoint as an Account Admin
Navigate to Settings > Single Sign-on
Click to start a new SSO configuration
Step 2: Create Enterprise Application in Azure
Sign into the Azure Portal
Navigate to Azure Active Directory > Enterprise Applications > All Applications
Click New Application
Click Create your own application at the top
Give your application a name (e.g., "ObservePoint")
Make sure Integrate any other application you don't find in the gallery (Non-gallery) is selected
Click Create
Step 3: Configure SAML Single Sign-On
Once your application is created, click the "getting started" link inside the box named "Set up single sign on".
Select SAML as your SSO method.
Step 4: Configure Basic SAML Settings
Click Edit on Section 1: Basic SAML Configuration
Identifier (Entity ID): Copy values from ObservePoint
Reply URL (Assertion Consumer Service URL): Copy values from ObservePoint
Click Save and close the Basic SAML Configuration panel
Note: You do not need to edit Section 2 (User Attributes & Claims) or other sections. The default Azure claims align with ObservePoint's requirements.
Step 5: Assign Users and Groups
Click Users and groups in the left navigation
Click Add user/group near the top
Under Users, click None Selected
Search for and select the users who need access to ObservePoint
Click Select at the bottom
Click Assign to complete the assignment
Step 6: Get the Federation Metadata URL
Return to Single sign-on in the left navigation
Scroll to Section 3: SAML Certificates
Copy the App Federation Metadata URL
Step 7: Complete ObservePoint Configuration
Return to the ObservePoint SSO configuration screen
Paste the Azure App Federation Metadata URL into the configuration field
ObservePoint will validate the URL and retrieve all necessary configuration data
Click Next
Step 8: Configure ObservePoint SSO Settings
Choose an account subdomain for SSO login (e.g.,
yourcompany.app.observepoint.com)User provisioning: Choose whether to automatically create ObservePoint accounts for users who don't already exist
Users are matched by email address from your identity provider
If auto-provisioning for new users is disabled, users must have an existing ObservePoint account before logging in via SSO
Step 9: Test and Activate
Click Test SSO, then LAUNCH SSO TEST
Verify that you can successfully authenticate
If the test is successful, click Activate to enable SSO for your account
Your Azure AD SSO integration is now live login using your custom subdomain!
Advanced Features
Once your basic SSO setup is complete, you can configure these additional features:
Require signed SAMLRequests: Enhanced security requiring Azure AD to import ObservePoint's certificate from the metadata file
Single Sign-On (SSO): Allow users to launch ObservePoint directly from the Azure portal or My Apps
Single Logout (SLO): When a user's Azure AD session ends, their ObservePoint session will also end
Note: ObservePoint will not terminate the Azure AD session
Troubleshooting
If you encounter issues:
Verify that the App Federation Metadata URL is correct and accessible
Ensure users are properly assigned to the enterprise application
Check that email addresses match between Azure AD and ObservePoint
Confirm that your subdomain is unique and available
Review the SAML assertions to ensure claims are being sent correctly