Skip to main content

SAML 2.0 with Entra ID

Configure Voilà for Microsoft Entra ID

Create a new Enterprise Application

Type: non-gallery

Configure Single Sign On

Use the following configuration

Type: SAML
Basic SAML Configuration:
Identifier (Entity ID): (default name)
Reply URL (Assertion Consumer Service URL):
Sign on URL:
Relay state: None
Logout URL: None

Attributes and claims

  • Remove any previous claim
  • Add the following claims
    • family_name = user.givenname
    • given_name = user.surname
    • email =
    • sub = (or any field whose value is unique, ex: employeeId)
    • sharePersonalData = true (constant, see GDPR related paragraph)

img Additional claims and mapping

SAML Certificates

Token certificates

  • Download the token signing certificate in base64 format
  • Download the metadata file
  • Hand over those files to Voilà

img Token Signing Certificates

Verification certificates

  • Edit SAML Certificates
  • Select 'Sign SAML response and assertion'

img Verification certificates

Required: Yes
Allow SHA-1 : No

Upload certificate

img Verification certificates

What about the GDPR ?

Using the SSO feature has impacts on your GDPR compliance. Indeed, harvesting the user’s consent must be done by your organization and prior to your event.

Activating the SSO will prevent the player to display any kind of form at signup