Set Up Single Sign-On (SSO) with Microsoft Entra ID
This article explains how to set up Single Sign-On (SSO) for your organisation using Microsoft Entra ID.
With SSO enabled, your colleagues can log in to Agriplace using their Microsoft work credentials. This simplifies onboarding and improves security.
Before You Start
To configure SSO, you need:
- A Pro account
- An active Microsoft Entra ID tenant
- Admin access to the Entra tenant
- Owner permissions in your Agriplace account
- SSO functionality enabled by the Agriplace team (please contact Support if not yet enabled)
Step-by-Step Setup
Step 1 – Start the SSO Setup in Agriplace
- Log in to your Agriplace account
- Go to Company Settings → Company security
- Click Connect Microsoft Entra
You will receive:
- Entity ID
- Reply URL
Keep these values ready for the next steps.
Step 2 – Create an Enterprise Application in Microsoft Entra
- Go to the Microsoft Entra portal
- Navigate to Applications → Enterprise applications
- Click + New application
- Choose Create your own application
- Name it (e.g. “Agriplace – SSO”)
- Select Integrate any other application
- Click Create
Step 3 – Configure SAML SSO
- Open the newly created application
- Go to Single sign-on
- Choose SAML
- Under Basic SAML Configuration, click Edit
- Enter the Entity ID and Reply URL from Agriplace
- Save your changes
Step 4 – Configure Attributes & Claims
This step ensures correct user mapping (email, name, etc.).
- Go to Attributes & Claims
- Click Edit
- Ensure the following claims are included and properly configured:
- Email address
- Name
- Enable “Emit claim as a JWT” for:
- emailaddress
- name
Make sure:
- The Unique User Identifier is correctly configured
- Any conflicting default claims are removed
Without correct claims configuration, users may not be created properly in Agriplace.
Step 5 – Assign Users Access
In the Entra application:
- Go to Users and groups
- Assign the users (or groups) who should have access
Step 6 – Copy the Metadata URL
- In the SAML configuration page, go to SAML Certificates
- Copy the App Federation Metadata URL
Step 7 – Complete Setup in Agriplace
- Return to Company Settings → Company security → SSO
- Click Next
- Paste the App Federation Metadata URL
- Click Enable
The system will validate the configuration and activate SSO.
You will then receive a dedicated sign-in URL for SSO login.
Domain Verification (Recommended)
After enabling SSO, we strongly recommend verifying your company email domain.
This improves user experience and security.
Why Verify Your Domain?
- Users are automatically redirected to Microsoft SSO
- No need to select login methods
- Prevents other organisations from claiming your domain
How to Verify Your Domain
Step 1 – Add Domain
Go to:
Company Settings → Company security → Domain verification
- Enter your company domain (e.g. company.com)
- Click Add domain
You will receive a DNS TXT record.
Step 2 – Add DNS Record
- Log in to your domain registrar (e.g. GoDaddy, Cloudflare, etc.)
- Open DNS settings
- Add the provided TXT record
- Save changes
DNS updates may take up to 30 minutes.
Step 3 – Verify
Return to Agriplace and click Verify next to your domain.
Once verified, your domain will show as Verified and linked to your organisation.
Troubleshooting
You don’t see the “Connect Microsoft Entra” button
- Make sure SSO is enabled for your account
- Ensure you have Owner permissions
SSO setup fails
- Verify you pasted the correct App Federation Metadata URL
Users are missing name or email
- Check your Attributes & Claims configuration
For assistance, contact Simvia Support at: