🤠 Set up Azure <> Spendesk SAML SSO

Create a single sign-on option for Spendesk on your Azure account.

Updated over a week ago

Azure AD (Active Directory)

Please reach out to your Customer success manager to enable this feature 🎉 !

Spendesk is not listed as a gallery application in Azure AD. Follow the instructions below to set up Azure AD with Spendesk ⬇️

1. Open the Azure portal and sign in as an Azure admin or co-admin.

2. Navigate to Azure Active Directory > Enterprise Applications.

3. Initiate the setup of a new app:

4. Click on "adding a non-gallery application" / "create your own application"

When creating an Enterprise Application, Azure automatically assigns an owner role to the person creating the application for their organisation. This role can be transferred within their organisation. Owner role is needed to be able to manage the application within Azure.

5. Give it a name like "Spendesk" and click on "Create".

6. Afterwards you'll be able to set it up by navigating to "Single sign-on" and selecting "SAML". Setup the connection by clicking on the "Edit" button.

7. Add the url we provided, in both "Identifier" and "Reply URL" fields:

8. In addition, you will need to set the "Unique User Identifier" from the section "User Attributes and Claims" to "user.mail".

Please also make sure all the other fields are correctly filled. In order to work as expected, Spendesk SAML SSO needs the following claims:

  • user.mail

  • user.givenname

  • user.surname

Along with the NameID

Note: please make sure that each user account should have an email address, a first name, and a last name set up under your identity provider to be able to log in.

9. Once done, add your users into the Spendesk app:

10. After saving, you should land on the main screen. From it, you can download the config file you’ll need to forward with us under "SAML Signing Certificate" > "Federation Metadata XML".

Validate and you're all set! 💪

Did this answer your question?