Single Sign-On (SSO) in Breeze

1.) Ensure that on the Active Directory side you have correctly created the SAML Single sign-on application. If you have not created one, or need to verify the process, the steps are below. In the Azure Portal (https://portal.azure.com), ensure you are logged in as the Global Admin account for your organization. This is generally required to create enterprise applications and to assign users to the application.

2.) Navigate to "Enterprise applications" (use the search if you don't see it on the home screen)

3.) Select New Application then select "Non-gallery application" as this will be a custom setup.
 
4.) Select Create your own application

5.) Give the application a name, such as "BreezeSAML" or something that is more descriptive for your organization. Once the app is created, you'll be taken to the Overview page. You can find this menu in the future by selecting "Enterprise applications" then searching for and selecting "BreezeSAML".
 

6.) On the left of the application page, you'll find your navigation pane. Select "Single sign-on" below the "Manage" group header.
                   
7.) If you haven't already set up Single sign-on, you'll be prompted to select a method. Select SAML.
                    
 
8.) Now that this is complete, navigate to your Breeze Server to complete the Breeze SSO Identity Providers set-up and get its Metadata XML file. (This file contains all the URLs the application needs to configure SAML with Breeze.) Be sure to keep your Azure window open, as we have additional information to gather to place into Breeze. To add a SAML IdP for Azure Active Directory, click the plus icon in the top right corner. Then fill in the required information found on the SSO entry page, as follows:
                     
8a.) Name: The name for the IdP which will display on the Login page. This can be an organization name, or anything that users will recognize and know to click. For example, "University" will be displayed as "Login with University". This name is also used for the folder in the Users tree that new accounts will be added to.
8b.) Entity ID: The Entity ID is the name of the SP used on the IdP. For convenience, the Entity ID is generated automatically.
                     

9.) Now, copy the IdP URL, Sign-On Service URL & Logout Service URL from section 4 on the Microsoft Azure Set up Single Sign-On with SAML page.
Copy the Login URL to the Sign-On Service URL: The URL for the IdP sign-on service.
Copy the Azure AD Identifier/Microsoft Entra Identifier to the IdP URL: The IdP URL is a URL to the Entity ID on the IdP.
Copy the Logout URL to the Logout Service URL: The URL for the IdP logout service.
                     

Microsoft Azure recently changed the label from Azure AD Identifier to Microsoft Entra Identifier.
                        

10.) Change the IdP Encryption to Base64 (IdP Certificate Input Format) and SP Encryption to No Service Provider Certificate.


11.) Press the  button and then download the Metadata XML file from here: 


12.) Upload the metadata file to your Azure SAML Single Sign-On and press Save after the XML has been uploaded. 





Before downloading the certificate in the next step, please ensure that you have made all of the Azure setting changes. If changes are made afterwards, you will need to download the certificate again and save it into Breeze.

13.) The Download option will now be available:


14.) Open the .cer file with Notepad, copy everything, and paste it into the Identity Provider Certificate section under the SSO Identity Providers section in Breeze.




15.) Finally, press the Update button to save final changes. 

Once you have added users, you can test the login by logging out of Breeze and clicking the new login button on the right. You'll be redirected to Microsoft to log in, then taken back to Breeze.

** Note: Users created have no permissions. You must log out and log in with a Breeze admin account, then go to the Users page to set permissions for the new user. **
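
The Metadata XML from steps 11 and 12 can be reviewed before it is uploaded to Azure. The following is an added example, not Breeze or Microsoft code: it reads standard SAML 2.0 service-provider metadata and reports the Entity ID and endpoint URLs, flagging any endpoint that is not HTTPS or not on the expected server. The host name, paths and sample document are constructed placeholders, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace
NS = {"md": MD}

# Constructed sample. Real input is the Metadata XML downloaded in step 11;
# the host and paths below are placeholders, not Breeze's actual URLs.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://breeze.example.org/sso/metadata">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://breeze.example.org/sso/logout"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://breeze.example.org/sso/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text, expected_host):
    """Return (summary, findings) for SP metadata about to be uploaded to the IdP."""
    # Metadata never needs a DTD; refuse one rather than let the parser expand it.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata contains a DTD or entity declaration")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != f"{{{MD}}}EntityDescriptor" or sp is None:
        raise ValueError("not SAML 2.0 service-provider metadata")
    summary = {"entity_id": root.get("entityID")}
    for key, tag in (("acs", "AssertionConsumerService"),
                     ("slo", "SingleLogoutService")):
        summary[key] = [e.get("Location") for e in sp.findall(f"md:{tag}", NS)]
    findings = []
    if not summary["acs"]:
        findings.append("no AssertionConsumerService endpoint")
    # The IdP sends assertions and logout messages to these URLs, so each
    # must be HTTPS and must point at the Breeze server you expect.
    for url in summary["acs"] + summary["slo"]:
        parts = urlsplit(url or "")
        if parts.scheme != "https":
            findings.append(f"endpoint is not HTTPS: {url}")
        if parts.hostname != expected_host:
            findings.append(f"endpoint host is not {expected_host}: {url}")
    return summary, findings
```

Call `review_sp_metadata(open("metadata.xml").read(), "your-breeze-host")` on the downloaded file; an empty findings list means every endpoint is HTTPS and on the expected host.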





