---
title: "Single Sign-On"
slug: "single-sign-on"
updated: 2025-06-03T08:51:58Z
published: 2025-06-03T08:51:58Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.commbox.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Single Sign-On

![SSO icon.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/SSO%20icon.png)

## Overview

**Single Sign-On (SSO)** allows a user to use one set of credentials to log in to multiple websites and applications, which simplifies credential management, provides secure access, and streamlines the IT process. Depending on how your organization's identity provider support protocol is set up, select between **Directory Service** (LDAP) or **SAML Authentication**. The sections below discuss the related information for each of the protocols.

This guide requires a deep understanding of cyber security and appropriate admin privileges. Feel free to contact our support to activate this service for your account.

In this guide, we used **AzureAD** (Also known as **Microsoft Entra ID**) as the IdP of choice.

## Directory Service

If your organization is using LDAP for the SSO configuration, select **Directory Service** at the top and expand the first menu to enter the following information:

1. Enter the URL of the Directory
2. Toggle to **On** if you are using LDAP**S** protocol.
3. Enter the authorized IdP admin username and password.
4. **Save** settings at the bottom of the page.  

![Directory Service.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Directory%20Service.png)

## SAML Authentication

If your organization is using SAML for the SSO configuration, you will need to integrate your Identity Provider (IdP) with CommBox (Service Provider), exchanging metadata files between the two.

Log in to the [Azure portal](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview) as a User administrator for the organization.

**Procedure:**

1. Add a new Azure AD User
2. Create Azure AD Custom Application
3. Configure Azure Application
4. Assign Existing Users To The Application
5. Configure SSO in CommBox

## Step I: Add a new Azure AD User

1. Search for and select [**Azure Active Directory**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview)from any page. Also known as **Microsoft Entra ID**. ![Step1 -1.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step1%20-1.png)
2. At the sidebar menu, select **Manage** > **Users**, click the down arrow at the top, select **User**, and click **Create new user**. ![Step1 -2.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step1%20-2.png)
3. On the **Create new user** page, enter the required information for this user. ![Step1 -3.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step1%20-3.png) **Note:** The **User principal name** in AzureAD will be used for SAML authentication vs. the **user.username** in CommBox.
4. Copy and save the autogenerated password provided in the Password box.
5. Click on the **Review + create** at the bottom of the page. It takes a few seconds to create the account. You may click the **Refresh** button at the top.
6. On the next screen, review the created user information. Add Basics, Properties, and Assignments as desired and required, and click **Create**. ![Step1 -4.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step1%20-4.png)

## Step II: Create Azure AD Custom Application

1. On the sidebar menu, select **Enterprise applications** and then click on the **+ New application** button at the top. ![Step2-1.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step2-1.png)
2. In the **Microsoft Entra Gallery**, select **+ Create your own application**. ![Step2-2.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step2-2.png)
3. In the **name of your app** field, enter your Commbox brand URL (for example, xyz.commbox.io). Then, select the **Integrate any other application you don't find in the gallery (Non-gallery)** radio button option. ![Step2-3.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step2-3.png)
4. On the bottom of the page, click **Create**.

## Step III: Configure Azure Application

1. Navigate to **Home** > [**Azure Active Directory**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview) > **Enterprise applications**.
2. Select your account from the list (xyz-corp.commbox.io)
3. On the sidebar menu, navigate to **Manage** > **Single sign-on** and select **SAML**. ![Step2-4.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step2-4.png)
4. On the **Set up Single Sign-On with SAML** page, the following sections have to be configured: a. On the **Basic SAML Configuration** section, for the **Identifier (Entity ID)** field, enter your CommBox brand URL (for example, https://xyz.commbox.io). b. For the **Reply URL (Assertion Consumer Service URL)** field, Set your Commbox brand URL with **/auth/sam**l suffix (for example https://xyz.commbox.io/auth/saml). ![Step2-5.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step2-5.png) c. Optional step: If you wish to use service provider-initiated single sign-on, at the **Sign on URL**, enter your Commbox brand URL with **/auth/saml/sp-sso** suffix. (e.g https://xyz.commbox.io/auth/saml/sp-sso) ![Step3-3.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step3-3.png)
5. Click **Save**.
6. Reload the current page by re-selecting **Single Sign-On** on the sidebar.
7. In the **SAML Certificates** section, click the **Download** link next to the “Federation Metadata XML”. ![Step3-4.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step3-4.png) Save the file (e.g., xyz.commbox.io.xml) on your Computer. This **Federation Metadata XML** file will be used in the SAML Configuration in CommBox.
8. In the **Set up xyz.commbox.io** section, copy the **Microsoft Entra Identifier** into a notepad. It will be used in the SAML Configuration in CommBox. ![Step3-5.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step3-5.png)

## Step IV: Assign Existing Users To The Application

1. Navigate to **Home** >[**Azure Active Directory**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview) > **Enterprise applications**, and click on your custom application, e.g., xyz.commbox.io
2. At the sidebar menu, select **Manage** > **User and groups**, and click **+ Add user/group** at the top. ![Step3-6.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step3-6.png)
3. If you don’t see any users, click **None Selected**.
4. Select the user(s) you wish to assign the application to and click **Assign**.

## Step V: Configure SSO in CommBox

1. Log in to your CommBox account as an Admin.
2. Navigate to **Settings** > **Single Sign-On** module, select the **SAML Authentication** option at the top, and expand the **+SAML Authentication** section. ![CommBox SSO initial page.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/CommBox%20SSO%20initial%20page.png)
3. In the **SAML Authentication** section, enter the following information: a. At the **SSO Service URL** field, enter the Entra Identifier copied earlier (step 3-8). b. At the **Metadata File** section, enter the data you downloaded earlier (step 3-7). c. Download the **CommBox Metadata** (commbox.io.metadata.xml) and save it on your PC ![Step4-2.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step4-2.png)
4. Upload the CommBox metadata to the **IDP** (Consider this final step for the Configure Azure Application part). You might need to click another ‘Save’. ![Step4-3.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step4-3.png)
5. Test the connection by going to CommBox SSO Login URL: For example https://xyz.commbox.io/auth/saml/sp-sso If everything is set up properly, you will be redirected to the IDP login page. ![Step4-4.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Step4-4.png)

Log in with the user created in the **Azure user creation** (Make sure you’ve logged out as the admin user beforehand; otherwise, you’ll get an error message from the IDP).

---

**Related Articles:** [SAML authentication with Microsoft Entra ID](https://learn.microsoft.com/en-us/entra/architecture/auth-saml) [Quickstart: Add an enterprise application - Microsoft Entra ID](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal)