Skip to main content

How To Configure Entra ID (Azure AD) with Fugo Single Sign-On

Step-by-step guide to configuring SSO between Entra ID (Azure AD) and Fugo, including claim mapping, hybrid tips & testing setup.

Sarah avatar
Written by Sarah
Updated over a week ago

Table of contents

Modern organisations often rely on identity providers (IdPs) such as Entra ID (Azure AD), Okta, Google, or Ping Identity. These platforms streamline authentication, reduce password fatigue, and centralise user management - all of which help IT teams keep things running smoothly (and securely) without chasing down forgotten passwords.

With Entra ID, you can federate your Fugo account and enable Single Sign-On (SSO), allowing seamless access to Fugo via your organisation’s credentials.

This guide covers both cloud-only Entra ID (pure Azure/Entra accounts) and hybrid identity setups (Active Directory synchronized with Entra ID).

Prerequisites

  • Administrator access to the Entra ID (Azure AD) Portal.

  • Administrator access to your Fugo account.

  • For hybrid setups: Entra Connect must be operational, synchronizing your on-premises Active Directory to Entra ID.

Add Fugo SSO application to Entra ID

  1. Sign in to the Entra ID Portal with an admin account.

  2. Navigate to Identity > Applications > Enterprise Applications.

  3. Click New Application.

  4. Select Create your own application (Fugo is not in the gallery yet).

  5. Name the app (e.g., “Fugo SSO”) and select Integrate any other application you don’t find in the gallery.

  6. Click Create. You’ll be taken to the app’s overview page.

Basic SAML configuration (dummy values)

At this point, you won't have the real values from Fugo just yet - but that’s expected. We'll plug those in once the connection is made.

Use placeholder values for now:

  1. Go to Single sign-on in your new app and select SAML.

  2. Under Basic SAML Configuration, click Edit.

  3. Enter the following dummy values:

  4. Save your changes. You will update these values later.

Attributes & claims

  1. In the SAML configuration, go to Attributes & Claims and click Edit.

  2. Add a new claim:

    • Name: fugo_role

    • Source: As required for your role mapping

  3. To assign users to Fugo spaces, add another claim:

    • Name: fugo_space

    • Source: As required

  4. Save any changes.

Mapping Fugo role & space claims

Now that you’ve created your claims, let’s talk about what to map them to - this ensures users land in the right places with the right permissions in Fugo.

When adding the fugo_role and fugo_space claims, you’ll want these to reflect the actual user roles and space memberships in Fugo. This is usually achieved by mapping them to attributes or group memberships in Entra ID.

For cloud-only users

If you manage all users directly in Entra ID, you can:

  • Use user attributes (such as jobTitle, department, or custom attributes) as the source for your claims.

  • Alternatively, use group membership to set role or space claims.

For hybrid (Active Directory + Entra) users

If your users are synchronised from on-premises AD, you'll typically want to:

  • Use AD attributes (synced into Entra as part of the user profile) as the claim source.

  • Or, use group membership - assigning users to AD groups (which sync to Entra).

How to configure

Let’s walk through how to actually map these attributes or groups to your SAML claims.

In Attributes & Claims, click Add new claim.

  1. For Name, enter fugo_role or fugo_space.

  2. For Source, choose:

    • Attribute: Select the appropriate user attribute (e.g. department, extensionAttribute1, etc.).

    • Group: If using group membership, select TransformationJoin group names (or similar, depending on Entra UI).

  3. If using group-based roles or spaces, ensure your on-premises AD groups are synchronised to Entra and assigned to the Fugo SSO app.

  4. Click Save.

Example:

  • To set a user’s Fugo role from an AD attribute (e.g. extensionAttribute1), map fugo_role to that attribute.

  • To assign a Fugo space based on group, create a group claim, or use group name transformation.

Note: For users logging in via IdP-initiated SSO, these claims will be included in the SAML response, ensuring Fugo receives the correct role and space data automatically.

SAML certificates

  1. Under SAML Certificates, download the Base64 certificate.

  2. Open the certificate file and copy the contents (excluding the ---BEGIN CERTIFICATE--- and ---END CERTIFICATE--- lines).

You’ll need this for the Fugo SSO configuration.

Assign users & roles in Entra ID

Almost there! Before anyone can use SSO, you’ll need to assign them to the app in Entra.

  1. In the app’s overview, select Users and groups.

  2. Click Add user/group and assign users who need access to Fugo.

  3. Optionally, assign roles if you have configured role-based access.

Hybrid deployments

If your users are synchronised from on-premises Active Directory, ensure they appear in Entra ID and are assigned to the Fugo SSO app.

Configure Fugo SSO

  1. Log into your Fugo account.

  2. Go to Account Settings > Single Sign On.

  3. Enter:

    • Identity Provider Name: (e.g., Entra ID)

    • Login URL: (from Entra SAML configuration)

    • Logout URL: (from Entra SAML configuration)

    • Domain: (your corporate domain)

    • Certificate: (paste the Base64 content copied earlier)

  4. Save your settings.

  5. Fugo will now display the correct Redirect URL (ACS) and Entity ID.

Update SAML settings in Entra ID

  1. Return to Basic SAML Configuration in Entra ID.

  2. Replace the dummy Entity ID and Reply URL (ACS) with the actual values from Fugo.

  3. Save your changes.

Testing SSO

  1. Sign out of Fugo.

  2. On the login page, choose Sign in with Single Sign-On.

  3. Enter your Entra ID email address.

  4. Complete the Entra ID authentication.

  5. When prompted, link your Fugo account if required.

Assigning Fugo roles & space memberships from your IdP

Once users are logging in, these claims help Fugo know who belongs where and what they can do. A couple of details to watch for:

  • The fugo_role claim must match a role name in your Fugo account. If not found, the user is assigned the default role (typically “admin”, but this can be changed).

  • The fugo_space claim must correspond to an existing Fugo space; otherwise, the user is added to the root space.

Troubleshooting & support

If things don’t go quite as planned, don't fret. Here are a few quick checks to get you back on track.

  • If you encounter issues, double-check the ACS and Entity ID values in both Fugo and Entra ID.

  • Ensure the certificate is correctly formatted.

  • For hybrid setups, verify that directory synchronization is healthy and that users have been assigned the Fugo SSO app.

If you need more help, reach out to our team at support@fugo.ai or write to us in the handy in-app support chat!

Related Articles
How To Share A Tableau Dashboard To Your Digital Signage Screens With Fugo's Dashboard Recorder
How To Configure SSO With Okta
Adding Google Workspace SAML Idp to Fugo Single sign-on
How To Use Single Sign On (SSO) To Log Into Your Fugo Account
Using SAML & Other SSO Providers With Fugo TV Dashboards
Did this answer your question?