To set up single sign-on (SSO) for Keepit, first create and configure an SSO application in Microsoft Entra ID (formerly Azure Active Directory). This process will yield the IDP URL and certificate, which are needed to configure SSO in Keepit.
Important: Before commencing the SSO setup, ensure you have a Microsoft account with a Premium subscription so that you can add non-gallery applications.
I. Create a Microsoft Entra application for SSO
- Sign in to the Microsoft Entra admin center.
- In the left-hand menu, navigate to Applications > Enterprise applications.
- Click +New application at the top.
- Click +Create your own application at the top.
- Enter a name for the application.
- Select Integrate any other application you don't find in the gallery (Non-gallery).
- In the left-hand menu, click Single sign-on.
- Under Select a single sign-on method, select SAML.
- In the Basic SAML Configuration box, click the pencil icon to open the configuration window.
- Under Identifier (Entity ID), click Add identifier and enter the identifier that corresponds to your data center:
Denmark (Copenhagen): https://dk-co.keepit.com/sso/metadata
United States (Washington, DC): https://us-dc.keepit.com/sso/metadata
Canada (Toronto): https://ca-tr.keepit.com/sso/metadata
Australia (Sydney): https://au-sy.keepit.com/sso/metadata
United Kingdom (London): https://uk-ld.keepit.com/sso/metadata
Germany (Frankfurt): https://de-fr.keepit.com/sso/metadata
Switzerland (Zurich): https://ch-zh.keepit.com/sso/metadata - Under Reply URL, click Add reply URL and enter the URL that corresponds to your data center:
Denmark (Copenhagen): https://dk-co.keepit.com/sso/login
United States (Washington, DC): https://us-dc.keepit.com/sso/login
Canada (Toronto): https://ca-tr.keepit.com/sso/login
Australia (Sydney): https://au-sy.keepit.com/sso/login
United Kingdom (London): https://uk-ld.keepit.com/sso/login
Germany (Frankfurt): https://de-fr.keepit.com/sso/login
Switzerland (Zurich): https://ch-zh.keepit.com/sso/login - Click Save in the toolbar.
- In the SAML Certificates box, click Download to the right of Certificate (Base64) and the certificate with a *.cer extension will download to your computer.
- Change the certificate extension to .txt.
- In the Set up [Application name] box, locate the Login URL. This is the IDP URL that you need to configure SSO in Keepit.
II. Assign users to the application in Microsoft Entra
For SSO to be enabled for individual users, assign them to your SSO application in Microsoft Entra.
- Sign in to the Microsoft Entra admin center.
- In the left-hand menu, navigate to Applications > Enterprise applications.
- Locate the application you created for SSO and click its name.
- Under Manage, select Users and groups.
- Click + Add user/group, opening the Add Assignment page.
- Click None Selected.
- Use the provided field to search for the users you wish to grant SSO access, then select them from the displayed list. Include the Master Admin (the service account for SSO setup) along with other users requiring SSO.
- Once all desired users appear under Selected members, click the Select button.
The number of selected users will appear under Users and groups. - Click the Assign button to finalize the user assignment.
III. Verify that Microsoft Entra users are present in Keepit
- Sign in to Keepit as a Master admin.
- In the lower-left corner, click the account profile > Account info.
- Select the Users tab.
- Verify that all users assigned to the Microsoft Entra application are present in the Keepit userlist.
If any user is missing, create a new user in Keepit with the same name and email address (this should be the same as the User Principal name) as the user in Microsoft.
Note: Keepit is case-sensitive, so ensure that the case matches precisely.