SSO - Entra to Foxpass

Prerequisites

  1. Access to Entra as an administrator.
  2. An active Foxpass account with administrator access.

Add Foxpass as an Enterprise Application in Entra

  • Log in to the Azure portal with an administrator account.
  • Navigate to Entra > Enterprise Applications > New Application.

  • Select Create your own application, enter a name (e.g., "Foxpass SSO"), and choose Integrate any other application you don't find in the gallery (Non-gallery app). Click Create.

  • Assign Users and Groups according to your needs.
  • Click Set up single sign on and choose SAML as the single sign-on method.

  • Identifier (Entity ID): https://console.foxpass.com/login_idp/<domain>. Make sure to replace <domain> with your account's domain.
  • Reply URL (Assertion Consumer Service URL): https://console.foxpass.com/login_idp/<domain>
  • Click Save.

  • In the Attributes & Claims section, make sure the Unique User Identifier is user.mail.

  • Download Certificate (Base64).
  • Note the Login URL, Microsoft Entra Identifier and Logout URL in step 4. These will be used in Foxpass.
  • Go to the IDP page in Foxpass.
  • Click on Add IDP.
  • IDP Name: Your choice
  • Entity ID / Issuer URL: Paste the Microsoft Entra Identifier noted earlier.
  • Paste the certificate downloaded earlier.
  • Paste the login and logout URL noted earlier.
  • Click Save.

  • Go to the Azure portal. Test single sign-on with Foxpass SSO: click the Test button > Test sign in.



  • Log out of both Azure and Foxpass.
  • Attempt to log in to Foxpass with Sign in with Identity Provider.
  • Verify that the login is successful and that users are redirected appropriately.

Troubleshooting

  • Error with attributes or claims: Ensure all claims match Foxpass’s requirements.
  • Certificate mismatch: Verify the correct certificate is uploaded in Foxpass.
  • User not authorized: Ensure users are assigned to the Foxpass application in Azure AD and exist in the Foxpass system.
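
To narrow down which of the values above is mismatched, the following added example (not Foxpass or Microsoft code) compares a base64-decoded SAMLResponse captured during the test sign-in against the values configured in this guide. The function names, tenant ID, user address and certificate bytes are constructed for illustration, and the script assumes the response carries its signing certificate inside the assertion.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def cert_fingerprint(cert_text):
    # SHA-256 of the DER bytes; accepts the Certificate (Base64) file or bare base64.
    body = re.sub(r"-----[A-Z ]+-----|\s+", "", cert_text)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def check_response(xml_text, domain, entra_identifier, cert_text):
    # Diagnostic only: compares fields, does NOT verify the XML signature.
    # Parse only responses captured from your own test sign-in.
    acs = f"https://console.foxpass.com/login_idp/{domain}"
    root = ET.fromstring(xml_text)
    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""
    problems = []
    if text("a:Assertion/a:Issuer") != entra_identifier:
        problems.append("issuer")            # Entity ID / Issuer URL in Foxpass
    if root.get("Destination") != acs:
        problems.append("reply_url")         # Reply URL in Entra
    if text(".//a:AudienceRestriction/a:Audience") != acs:
        problems.append("entity_id")         # Identifier (Entity ID) in Entra
    if not re.fullmatch(r"[^@\s]+@[^@\s]+", text(".//a:Subject/a:NameID")):
        problems.append("name_id")           # Unique User Identifier = user.mail
    embedded = text(".//ds:X509Certificate")
    if not embedded or cert_fingerprint(embedded) != cert_fingerprint(cert_text):
        problems.append("certificate")       # certificate pasted into Foxpass
    return problems

# Constructed sample data (placeholder tenant ID, user and certificate bytes).
SAMPLE_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
SAMPLE_CERT = base64.b64encode(b"constructed bytes, not a real certificate").decode()
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://console.foxpass.com/login_idp/example.com"><Assertion>
 <Issuer>{SAMPLE_ISSUER}</Issuer>
 <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{SAMPLE_CERT}
 </ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
 <Subject><NameID>alice@example.com</NameID></Subject>
 <Conditions><AudienceRestriction><Audience>https://console.foxpass.com/login_idp/example.com</Audience>
 </AudienceRestriction></Conditions></Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE_XML, "example.com", SAMPLE_ISSUER, SAMPLE_CERT) or "all match")
```

An empty list means every compared field matches. Each returned label names the setting to recheck in Entra or Foxpass.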