SAML 2.0 with Entra ID
Configure Voilà for Microsoft Entra ID
Create a new Enterprise Application
Name: voila.live
Type: non-gallery
Configure Single Sign On
Use the following configuration
Type: SAML
Basic SAML Configuration:
Identifier (Entity ID): https://api.voila.live/sso/saml (default name)
Reply URL (Assertion Consumer Service URL): https://api.voila.live/sso/saml/consume
Sign on URL: https://api.voila.live/sso/saml/init
Relay state: None
Logout URL: None
Attributes and claims
- Remove any previous claim
- Add the following claims
- family_name = user.givenname
- given_name = user.surname
- email = user.email
- sub = user.email (or any field whose value is unique, e.g. employeeId)
- sharePersonalData = true (constant, see the GDPR paragraph below)
SAML Certificates
Token certificates
- Download the token signing certificate in base64 format
- Download the metadata file
- Hand over those files to Voilà
Verification certificates
- Edit SAML Certificates
- Select 'Sign SAML response and assertion'
Required: Yes
Allow SHA-1: No
Upload certificate
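To confirm the application is configured as described above, a SAML Response captured during a test login can be linted against these settings. The following Python sketch is an added example, not code from Voilà or Microsoft: it checks layout only (signature elements present on both Response and Assertion, Destination, Audience, and the exact claim set) and does not verify signatures cryptographically. It assumes the claim names appear verbatim as Attribute Name values; `lint_response` and `sample` are hypothetical helper names, and `sample` builds constructed input.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ENTITY_ID = "https://api.voila.live/sso/saml"        # Identifier from the page
ACS_URL = "https://api.voila.live/sso/saml/consume"  # Reply URL from the page
CLAIMS = {"family_name", "given_name", "email", "sub", "sharePersonalData"}

def lint_response(xml_text):
    """Return a list of findings; an empty list means the layout matches the page."""
    root = ET.fromstring(xml_text)
    findings = []
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no cleartext Assertion in Response"]
    # 'Sign SAML response and assertion': each element needs its own Signature child.
    for label, node in (("Response", root), ("Assertion", assertion)):
        if node.find("ds:Signature", NS) is None:
            findings.append(f"{label} is not signed")
    if root.get("Destination") != ACS_URL:
        findings.append("Destination is not the Reply URL")
    audiences = {a.text for a in assertion.iterfind(".//a:Audience", NS)}
    if audiences != {ENTITY_ID}:
        findings.append("Audience is not the Entity ID")
    attrs = {}
    for at in assertion.iterfind("a:AttributeStatement/a:Attribute", NS):
        attrs[at.get("Name")] = [v.text for v in at.iterfind("a:AttributeValue", NS)]
    for missing in sorted(CLAIMS - set(attrs)):
        findings.append(f"missing claim {missing}")
    for extra in sorted(set(attrs) - CLAIMS):  # 'Remove any previous claim'
        findings.append(f"unexpected claim {extra}")
    if attrs.get("sharePersonalData") not in (None, ["true"]):
        findings.append("sharePersonalData is not the constant true")
    return findings

def sample(claims, sign_assertion=True):
    """Constructed Response skeleton for testing; Signature elements are empty stubs."""
    sig = "<ds:Signature/>"
    attrs = "".join(f'<a:Attribute Name="{k}"><a:AttributeValue>{v}</a:AttributeValue>'
                    "</a:Attribute>" for k, v in claims.items())
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" xmlns:ds="{NS["ds"]}" '
            f'Destination="{ACS_URL}">{sig}<a:Assertion>{sig if sign_assertion else ""}'
            f"<a:Conditions><a:AudienceRestriction><a:Audience>{ENTITY_ID}</a:Audience>"
            f"</a:AudienceRestriction></a:Conditions><a:AttributeStatement>{attrs}"
            "</a:AttributeStatement></a:Assertion></p:Response>")
```

An empty result from `lint_response` on a real captured Response indicates the claim set and signing option match this page; any leftover default claim shows up as an "unexpected claim" finding.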
What about the GDPR?
Using the SSO feature affects your GDPR compliance: your organization must collect the user's consent itself, before your event.
Activating SSO prevents the player from displaying any kind of form at signup.