How to configure Microsoft Entra ID SSO in Supermetrics

This guide explains how to configure your Microsoft Entra ID tenant to enable single sign-on (SSO) for Supermetrics using SAML 2.0. This allows your team members to access Supermetrics with their enterprise credentials.

For more information, see also Microsoft Entra ID's guidance on enabling single sign-on for enterprise applications.

Before you begin

Before you can configure your Microsoft Entra ID tenant for logging in to Supermetrics, you need the following:

• A Microsoft Entra ID tenant.
• An account that is at least a Cloud Application Administrator.
• Supermetrics SAML configuration details (you can get these details by contacting Supermetrics support):
  • Assertion Consumer Service URL (ACS URL): The URL where Microsoft Entra ID will send the SAML assertion.
  • Entity ID: Unique identifier for Supermetrics as a service provider. 

    Important: Treat the entity ID value as-is and do not change it (such as by adding trailing slashes). While the entity ID looks like a URL, it's a URI and must not be modified.

  • Start URL: The URL where users will be redirected after successful authentication.

Instructions

Step 1: Register an enterprise application in Microsoft Entra ID

1. Log in to the Microsoft Entra admin center as one of the following: Cloud Application Administrator, Application Administrator, Global Administrator.
2. In the Entra admin center, navigate to Microsoft Entra ID → Enterprise applications → New application → Create your own application. 
3. Select Integrate any other application you don't find in the gallery (Non-gallery), and give it a name, such as "Supermetrics", and continue.
4. In the new app, navigate to Manage → Single sign-on.
5. Select SAML as the single sign-on method.
6. On the SAML setup screen, make the following adjustments:
   • Basic SAML Configuration:
     • Identifier (Entity ID): Enter the Entity ID provided to you.
     • Reply URL (ACS URL): This URL will be used by Supermetrics to receive the SAML response from Microsoft Entra ID.
     • Sign-on URL: This URL will be provided by Microsoft Entra ID. You will use it later for testing.
     • Relay State: Specify the Start URL provided to you.
   • User Attributes & Claims:
     • Name ID: Map the user.mail attribute to the Name ID for the Email Address format. This is very important if you have external users in your directory and want their proper emails to be used instead of EXT surrogates.
7. Download the Federation Metadata XML file. You will need to pass it back to Supermetrics to finish the registration of your domain.

Step 2: Assign users and groups to the application

In the Users and groups blade, assign the users and groups that should have access to Supermetrics.

If you want any user to be able to log into Supermetrics without extra work, you can configure self-serve to allow users to log in freely or go through the admin approval process.

Step 3: Share SAML metadata with Supermetrics

Download the Federation Metadata XML file and share the file with Supermetrics to finish the registration of your domain.

Step 4: Test the integration

After Supermetrics confirms that your metadata file has been received and processed, you can test the integration.

1. Try to log in to the Supermetrics Hub as a user who has been assigned to the Supermetrics application in Microsoft Entra ID.
2. Once the user is logged in to Supermetrics, verify that the user in the top-right corner of the Supermetrics Hub matches their selected Microsoft Entra identity.

Review the audit logs in Microsoft Entra ID to ensure authentication is successful or to identify any issues.