Setting Up SSO with Microsoft Entra ID
This document outlines how to configure SSO with Relaymed if your organization uses Microsoft Entra ID (formerly Azure AD).
If you are using a different identity provider, see OIDC Technical Requirements for Non-Azure Identity Providers.
What We Need From You
- Azure AD Tenant ID - your organization's Entra tenant identifier.
- Email domain(s) - the email domain(s) your users will use to sign in to Relaymed (e.g. yourcompany.com). See the Email Domains section in Setting Up SSO with Relaymed for more detail.
You do not need to create an app registration. Relaymed uses a multi-tenant app registration on our side - your Azure administrator simply needs to grant consent.
Required Claims
The following claims are read from the ID token during authentication. These are configured on our side and should work automatically with a standard Entra ID setup:
| Claim | Description | Required |
|---|---|---|
| sub | A unique, stable identifier for the user. Relaymed uses this to identify returning users. | Yes |
| email | The user's email address. This should match the domain configured for your organization in Relaymed. | Yes |
| given_name | The user's first name. | Yes |
| family_name | The user's last name. | Yes |
If your Entra ID is configured in a way that does not return the email claim by default, let us know during setup.
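An added example, not Relaymed's code: a diagnostic an administrator could run on an ID token issued by their tenant to confirm it carries the four claims in the table above and that the email domain is one of those sent to Relaymed. The function names and the sample token are constructed for illustration; the payload is decoded without signature verification, so this is for inspection only.

```python
import base64
import json

# The four claims the table above marks as required.
REQUIRED_CLAIMS = ("sub", "email", "given_name", "family_name")


def decode_payload(id_token: str) -> dict:
    """Decode a JWT payload for inspection only; no signature check is done."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_claims(claims: dict, allowed_domains: set) -> list:
    """Return a list of problems; an empty list means the claims look usable."""
    allowed = {d.lower() for d in allowed_domains}
    problems = []
    for name in REQUIRED_CLAIMS:
        value = claims.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty claim: {name}")
    email = claims.get("email")
    if isinstance(email, str) and email.strip():
        # Only the part after the last @ is the domain; compare case-insensitively.
        local, sep, domain = email.strip().rpartition("@")
        if not sep or not local or domain.lower() not in allowed:
            problems.append(f"email domain not in configured list: {email}")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    # Constructed sample: an account whose token carries no email claim.
    sample = make_sample_token({"sub": "constructed-id", "given_name": "Ada", "family_name": "Lovelace"})
    for problem in check_claims(decode_payload(sample), {"yourcompany.com"}):
        print(problem)
```

An empty result from `check_claims` means the token has everything the table lists; a "missing or empty claim: email" result is the case to raise during setup.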
Restricting Access to Specific Users or Groups
By default, all users in your Entra ID tenant will be able to authenticate with Relaymed. If you want to restrict access to specific users or groups:
- In your Azure portal, go to Enterprise Applications and find the Relaymed application.
- Under Properties, set Assignment required? to Yes.
- Under Users and groups, assign the specific users or groups that should have access to Relaymed.
Only assigned users will be able to sign in. Users not assigned will be blocked by Entra before reaching Relaymed. This is managed entirely within your Azure environment.
Setup Process
- Send us your Azure AD Tenant ID and email domain(s).
- We will send back an admin consent URL for your Azure administrator to authorize.
- Your Azure administrator clicks the consent URL and grants access.
- We will agree on a switchover date and time to enable SSO for your organization. On that date, we will complete the configuration on our side and confirm when SSO is live.