With HyperComply's support for different SAML IDP configurations, it’s easier than ever to let your team authenticate into HyperComply through your SAML IDP instead of the usual email and password combination.
Process description:
This article explains how organizations can configure Entra ID (formerly Azure) as their SAML IDP for HyperComply by creating the required HyperComply Entra ID “Enterprise Application”. Any user who logs into HyperComply via Entra ID after this process is complete will have an account created for them (if they don’t already have one).
Prerequisites:
Access to Entra ID Admin Portal and ability to add/configure custom SAML apps
Note: If you are experiencing issues accessing Entra ID, please contact your Entra Admin or CSM, as HyperComply has limited access.
Admin access for HyperComply
Reach out to your CSM if you are not able to access the SAML configuration page in step 1
Gathering materials/resources:
How to contact your CSM:
Email your CSM directly
If you are unsure who your CSM is, please contact HyperComply Support through our Support Request Portal here
Step-by-step instructions:
Navigate to the HyperComply SAML configuration page by clicking here or copy and paste the URL below into your browser:
Copy the value of the “SAML ACS Endpoint” at the bottom of the screen
Keep this tab open and complete the steps below. You will need to enter some values from Entra ID on this screen at the end of this process.
Open a new tab and log into your Entra ID Admin Portal
Navigate to the Entra ID > Enterprise Applications settings page
Click New Application and then Create your own application
Name the new application according to your normal naming convention; we recommend HyperComply as best practice
Select Integrate any other application you don’t find in the directory
Click Create
Navigate to Users and groups in the left pane and assign yourself as a user to test the integration
Navigate to Single sign-on in the left pane and choose SAML
Click Edit for the Basic SAML Configuration section
Add the SAML ACS Endpoint value you copied from HyperComply into the “Identifier (Entity ID)” and check the Default checkbox next to this value.
Note: If there is a default value in this field that was there when you opened the page, this can be deleted and replaced
Also add the SAML ACS Endpoint value you copied from HyperComply into the “Reply URL (Assertion Consumer Service URL)”
Click Save
Under the SAML Signing Certificate section, copy the URL shown in the “App Federation Metadata URL” field
Open the URL in a new tab. This will show a large XML document.
Search for X509Certificate
Copy the first value found into the “IDP Certificate” field in HyperComply
Note: It should be roughly 1000 characters long
Back on the Single sign-on screen, scroll down to Step 4 (‘Set up {application name}’).
Copy the value marked as Login URL and paste it into the “IDP Endpoint URL” in HyperComply
It should look something like:
Copy the value marked as Microsoft Entra Identifier and paste it into the “IDP Entity ID” field in HyperComply
It should look something like:
Check the Enable SAML box in HyperComply and click Save
In the final Test single sign-on with HyperComply section, click Test
Select Sign in as current user and click Test Sign In
You should be logged into HyperComply successfully
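Before pasting, the values copied by hand in the steps above (the first X509Certificate, the Login URL and the Microsoft Entra Identifier) can be cross-checked against the federation metadata XML. The script below is an added example, not HyperComply or Microsoft code: `inspect_metadata` is a hypothetical helper, and the sample metadata is constructed, with placeholder bytes in place of a real certificate and example.com URLs.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def _b64(el):
    # The base64 text may be wrapped across lines; strip all whitespace.
    return "".join((el.text or "").split())

def inspect_metadata(xml_text):
    """Read the values the steps above copy by hand and sanity-check the cert."""
    root = ET.fromstring(xml_text)
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    all_certs = [_b64(e) for e in root.iter(DS + "X509Certificate")]
    if not all_certs:
        raise ValueError("metadata has no X509Certificate")
    signing = [_b64(e) for kd in idp.findall(MD + "KeyDescriptor")
               if kd.get("use") in (None, "signing")
               for e in kd.iter(DS + "X509Certificate")]
    first = all_certs[0]  # "the first value found", as the steps instruct
    der = base64.b64decode(first, validate=True)  # raises if the paste is mangled
    sso = idp.find(MD + "SingleSignOnService")
    return {
        "idp_entity_id": root.get("entityID"),
        "idp_endpoint_url": sso.get("Location") if sso is not None else None,
        "idp_certificate": first,
        "first_is_idp_signing_key": first in signing,
        "sha1_thumbprint": hashlib.sha1(der).hexdigest().upper(),
    }

# Constructed sample: placeholder bytes stand in for a real DER certificate and
# the entityID / Location values are made-up example.com URLs.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate " * 16
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_XML = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/tenant/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_B64[:64]}
        {SAMPLE_B64[64:]}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Location="https://idp.example.com/tenant/saml2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
```

Run it on the saved metadata file with `inspect_metadata(open(path).read())`. With real metadata, `sha1_thumbprint` can be compared with the thumbprint Entra shows in the SAML Signing Certificate section, and `first_is_idp_signing_key` should be true.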
Tips and best practices:
Use two monitors or side by side browser windows
Have one monitor display two browser windows open side by side to easily copy and paste information from Entra into HyperComply while the other monitor has this article open for instructions.
Next steps:
You will also be able to set up SCIM provisioning once Microsoft Entra ID is set up as a HyperComply SAML IDP.
Additional information:
To control which Entra users can log into HyperComply, add or remove Organizational Units on the SAML application through the Entra admin portal.
Disclaimer/Notes:
If there are any errors or incorrect information from within your Entra Admin portal, please speak to your Entra point of contact as HyperComply does not have the necessary access to adequately provide support.
If you have any further questions or troubles regarding your setup, contact us through the help center chat.