SSO - Azure AD to Foxpass

Prerequisites

  1. Access to Azure Active Directory (Azure AD) as an administrator.
  2. An active Foxpass account with administrator access.

Add Foxpass as an Enterprise Application in Azure AD

  • Log in to the Azure portal with an administrator account.
  • Navigate to Azure Active Directory > Enterprise Applications > New Application.

  • Select Create your own application, enter a name (e.g., "Foxpass SSO"), and choose Integrate any other application you don't find in the gallery (Non-gallery app). Click Create.

  • Assign Users and Groups according to your needs.
  • Click Set up single sign on and choose SAML as the single sign-on method.

  • Identifier (Entity ID): https://console.foxpass.com/login_idp/<domain>. Make sure to replace <domain> with your account's domain.
  • Reply URL (Assertion Consumer Service URL): https://console.foxpass.com/login_idp/<domain>
  • Click Save.

  • In the Attributes & Claims section, make sure the Unique User Identifier is user.mail.

  • Download Certificate (Base64).
  • Note the Login URL, Microsoft Entra Identifier and Logout URL shown in step 4. These will be used in Foxpass.
  • Go to the IDP page in Foxpass.
  • Click on Add IDP.
  • IDP Name: Your choice
  • Entity ID / Issuer URL: Paste the Microsoft Entra Identifier noted earlier.
  • Paste the certificate downloaded earlier.
  • Paste the login and logout URL noted earlier.
  • Click Save.

  • Go to the Azure portal. Test single sign-on with Foxpass SSO. Click the Test button > Test sign in.

  • Log out of both Azure and Foxpass.
  • Attempt to log in to Foxpass with Sign in with Identity Provider.
  • Verify that the login is successful and that users are redirected appropriately.

Troubleshooting

  • Error with attributes or claims: Ensure all claims match Foxpass’s requirements. In this setup, the Unique User Identifier must be user.mail.
  • Certificate mismatch: Verify the correct certificate is uploaded in Foxpass.
  • User not authorized: Ensure users are assigned to the Foxpass application in Azure AD and exist in the Foxpass system.
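
When a test sign-in fails with an attribute or claim error, the Base64 SAMLResponse captured from the browser's POST to the Reply URL can be compared against the values configured above. The script below is an added example, not Foxpass or Microsoft code; the function names, the example.com domain and the all-zero tenant ID are constructed, and it compares field values only, without verifying the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample values, not taken from a real tenant.
SAMPLE_DOMAIN = "example.com"
SAMPLE_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"

def check_saml_response(b64_response, domain, entra_identifier):
    """Return mismatches between a captured SAMLResponse and this guide's settings.
    Intended for your own captured responses; an encrypted assertion reports every field."""
    expected_url = f"https://console.foxpass.com/login_idp/{domain}"
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []

    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""

    issuer = text("saml:Assertion/saml:Issuer")
    if issuer != entra_identifier:
        problems.append(f"Issuer {issuer!r} != Microsoft Entra Identifier")
    audience = text("saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience")
    if audience != expected_url:
        problems.append(f"Audience {audience!r} != Identifier (Entity ID)")
    if root.get("Destination", "") != expected_url:
        problems.append(f"Destination {root.get('Destination')!r} != Reply URL")
    name_id = text("saml:Assertion/saml:Subject/saml:NameID")
    if "@" not in name_id:
        problems.append(f"NameID {name_id!r} is not an email (expected user.mail)")
    return problems

def build_sample(name_id, audience):
    """Build a constructed, unsigned SAMLResponse for demonstration."""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
           f'Destination="https://console.foxpass.com/login_idp/{SAMPLE_DOMAIN}">'
           f'<saml:Assertion><saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>'
           f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
           '<saml:Conditions><saml:AudienceRestriction>'
           f'<saml:Audience>{audience}</saml:Audience>'
           '</saml:AudienceRestriction></saml:Conditions>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # Entity ID left without the domain and a NameID that is not the mail attribute.
    bad = build_sample("jdoe", "https://console.foxpass.com/login_idp/")
    print("\n".join(check_saml_response(bad, SAMPLE_DOMAIN, SAMPLE_ISSUER)))
```

An empty result means the Issuer, Audience, Destination and NameID all line up with the Entity ID, Reply URL and user.mail settings from the steps above.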