Set up SSO with SAML 2.0 and Microsoft Entra ID


Last updated May 11, 2026

Enterprise

This guide walks you through setting up single sign-on (SSO) using SAML 2.0, with Microsoft Entra ID as the identity provider (IdP). Unleash supports a variety of identity providers and protocols; visit our reference documentation to explore other options.

Prerequisites

To follow along, you’ll need:

  • An Unleash instance with Admin access.
  • Access to Microsoft Entra as at least a Cloud Application Administrator.

Create an enterprise application in Microsoft Entra ID

To create a new enterprise application in Microsoft Entra, do the following:

  1. In the Microsoft Entra admin center, go to Identity > Applications > Enterprise applications and click New application.
  2. In the Microsoft Entra Gallery, click Create your own application.
  3. Enter an app name, select the Integrate any other application you don’t find in the gallery option, and click Create.

Configure SAML SSO for the application

Add SAML configuration

To configure SSO for the new application, do the following:

  1. In the overview page of the application, go to Manage > Single sign-on and click SAML.
  2. In the Basic SAML Configuration section, click Edit.
  3. Click Add identifier and enter the Unleash identifier. For hosted instances, that is https://<region>.app.unleash-hosted.com/<your_unleash_instance_name>.
  4. Click Add reply URL and enter the URL shown in the Unleash Admin UI at Admin settings > Single sign-on > SAML 2.0. For example, <your_unleash_url>/auth/saml/callback.
  5. Click Save.

Manage attributes and claims

To configure attributes and claims for the new application, do the following:

  1. In the single sign-on settings of your application, go to Attributes & Claims and click Edit.
  2. Go to Required claim and click Unique User Identifier (Name ID).
  3. For Name identifier format, select Email address.
  4. For Source, select Attribute and for Source attribute select user.mail.
  5. Click Save.

To populate the first and last names of users in Unleash, configure two additional claims with attributes user.givenname and user.surname with no namespace.

SAML configuration in Microsoft Entra admin center

Save SAML certificate, identifier, and login URL

Save the following information from the single sign-on settings of your application:

  • SAML certificate
  • Login URL
  • Microsoft Entra Identifier

SAML certificate

To save the SAML certificate, go to the single sign-on settings of your application. In SAML Certificates > Federation Metadata XML, click Download. Open the file and copy the content between the opening and closing X509Certificate tags.

X509 Certificate from the SAML certificate XML file

Login URL

To find your login URL, go to the single sign-on settings of your application. In the Set up <your-application-name> section, copy and save Login URL. For example: https://login.microsoftonline.com/<your_identifier>/saml2.

Microsoft Entra identifier

To find your Microsoft Entra identifier, go to the single sign-on settings of your application. In the Set up <your-application-name> section, copy and save Microsoft Entra Identifier. For example: https://sts.windows.net/<your_identifier>
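A SAML metadata file can contain more than one X509Certificate element, so a manual copy can pick up the wrong one. The following added example (not part of the Unleash or Microsoft documentation) reads the three values from a downloaded Federation Metadata XML file and takes only the signing certificate of the SAML IdP role. The function name, the sample document, the placeholder tenant ID and the placeholder certificate bytes are constructed for illustration, and the file is assumed to follow the standard SAML 2.0 metadata schema.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def unleash_saml_values(metadata_xml):
    """Return the Entity ID, Single sign-on URL and X.509 Certificate values."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("refusing metadata that declares a DTD")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element")
    sso = idp.findall("md:SingleSignOnService", NS)
    login_url = next((s.get("Location") for s in sso if s.get("Binding") == REDIRECT), None)
    # Count only the IdP role's signing keys, not e.g. the file's own ds:Signature cert.
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if kd.get("use", "signing") == "signing" and node is not None:
            certs.append("".join((node.text or "").split()))  # drop line wraps
    if not root.get("entityID") or not login_url or len(certs) != 1:
        raise ValueError("need entityID, a redirect login URL and one signing cert")
    der = base64.b64decode(certs[0], validate=True)
    if der[:1] != b"\x30":  # a DER certificate starts with a SEQUENCE tag
        raise ValueError("X509Certificate content is not DER")
    return {"entity_id": root.get("entityID"), "login_url": login_url,
            "certificate": certs[0], "sha256": hashlib.sha256(der).hexdigest()}

# Constructed sample (trimmed): placeholder tenant id and bytes, not a real cert.
FAKE_B64 = base64.b64encode(b"\x30\x82" + b"constructed-placeholder" * 3).decode()
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000">
  <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>bm90IHRoZSBJZFAga2V5
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
  <IDPSSODescriptor>
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{FAKE_B64[:48]}
        {FAKE_B64[48:]}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}"
      Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
```

Calling `unleash_saml_values` on the text of your own metadata file returns the values for the Entity ID, Single sign-on URL and X.509 Certificate fields, plus a SHA-256 fingerprint of the certificate that you can record for later comparison.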

Configure the SAML 2.0 provider in Unleash

To finalize the configuration, do the following:

  1. In the Unleash Admin UI, go to Admin settings > Single sign-on > SAML 2.0.
  2. In Entity ID, enter your Microsoft Entra identifier.
  3. In Single sign-on URL, enter your Login URL.
  4. In X.509 Certificate, enter your SAML certificate.
  5. Optional: To automatically create users for first-time sign-ins, select Auto-create users. Select a default root role new users should have, and configure the list of valid email domains.
  6. Click Save.

Configure SAML 2.0 in Unleash

Test your configuration

To test that things are working as expected, log out of Unleash and verify that the login screen gives you the option to sign in with SAML 2.0. You can also test the integration in Microsoft Entra in the single sign-on settings of your application.

Enable group syncing

Optionally, you can sync groups from Microsoft Entra ID to Unleash to map them to groups in Unleash.

To create the group claim in Microsoft Entra, do the following:

  1. In the Microsoft Entra admin center, go to the single sign-on settings of your application, and select Attributes & Claims.
  2. Click Add a group claim and select Groups assigned to the application.
  3. In Advanced options, click Customize the name of the group claim, and enter a name.
  4. Click Save.

Microsoft Entra limits the number of groups emitted in a SAML response to 150, including nested groups. If you have users who are present in more than 150 groups, add a filter in the advanced section of group claims to ensure the response only includes the groups you want to send to Unleash.

To enable group syncing in Unleash, do the following:

  1. In the Unleash Admin UI, go to Admin settings > Single sign-on > SAML 2.0.
  2. Select Enable Group Syncing and, in Group Field JSON Path, enter the name you gave the group claim.
  3. Click Save.
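When testing the setup, it helps to confirm that a SAML response from a test sign-in carries the claims configured in this guide. The following added example (not Unleash or Microsoft code) checks the Name ID format, the email domain and the group claim in one decoded response. The function name, the `groups` claim name, the domain list and the sample response are constructed for illustration, and the domain comparison is an assumption, not a description of how Unleash evaluates its valid email domains list.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
GROUP_LIMIT = 150  # Microsoft Entra limit stated in this guide

def check_claims(response_xml, group_claim, valid_domains):
    """Return (groups, problems) for one decoded SAML response.

    Configuration check only: it does not verify the response signature.
    """
    root = ET.fromstring(response_xml)
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        return [], ["assertion has no NameID"]
    problems = []
    if name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not Email address")
    email = (name_id.text or "").strip().lower()
    if email.rpartition("@")[2] not in valid_domains:
        problems.append(f"{email!r} is outside the valid email domains")
    groups = None
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == group_claim:  # name entered in Group Field JSON Path
            values = attr.findall("saml:AttributeValue", NS)
            groups = [(v.text or "").strip() for v in values]
    if groups is None:
        problems.append(f"group claim {group_claim!r} is missing")
    elif len(groups) >= GROUP_LIMIT:
        problems.append("group count is at the 150 limit; add a group filter")
    return groups or [], problems

# Constructed sample: unsigned, trimmed; "groups" is a hypothetical claim name.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Assertion>
  <Subject><NameID Format="{EMAIL_FORMAT}">Ada@Example.com</NameID></Subject>
  <AttributeStatement><Attribute Name="groups">
    <AttributeValue>11111111-1111-1111-1111-111111111111</AttributeValue>
    <AttributeValue>22222222-2222-2222-2222-222222222222</AttributeValue>
  </Attribute></AttributeStatement>
</Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_claims(SAMPLE, "groups", {"example.com"}))
```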