Folio supports Single Sign On with Microsoft Azure. You will need to configure both Microsoft Azure as well as Folio.
Folio also allows you to have multiple Single Sign On identity providers (IdPs), meaning you could have two Microsoft Azure logins, or one Microsoft Azure login button and one Okta login button.
Here are the instructions on how to set up Single Sign On with Microsoft Azure.
Set up in Microsoft Azure
Step 1: Log into your Microsoft Azure account and click on Azure Active Directory.
Step 2: Click on ‘App registrations’ to view the list of registered applications.
Then click on ‘New registration’ to register a new application.
Step 3: Fill in the following then click ‘Register’.
Name | Folio |
Supported account types | Accounts in this organizational directory only (Default Directory only – Single Tenant) |
Redirect URI | Web https://your-folio-instance.foliogrc.com/d/users/auth/saml/callback |
Step 4: Click on ‘Add an Application ID URI’.
Step 5: Now click on ‘Set’.
Step 6: Copy the Application ID URI into a notepad. You will need this for your SAML settings in Folio later.
Step 7: In ‘Overview’, click on ‘Endpoints’.
Step 8: Copy the ‘Federation metadata document’ and ‘SAML-P sign-on endpoint’ into a notepad. You will need these for your SAML settings in Folio later.
Optional: Add SAML to your Sandbox
Step 9: Click on Authentication.
Step 10: Click Add URI and add the URL below into the box, replacing your-folio-instance with your Folio instance name.
https://your-folio-instance.sandbox.usefolio.com/d/users/auth/saml/callback
Set up in Folio
Log in as a Super User, click on the Admin Gear Wheel, then on Sign On and Security, and then click Edit.
Tick Single Sign on through SAML
Fill in the Fields using the
Name | Azure |
Issuer | The Application ID URI you copied from Azure |
IDP SSO Target URL | The setting you copied from Azure ‘SAML-P sign-on endpoint’ from step 7. |
Federation XML URL | The setting you copied from Azure ‘Federation metadata document’ from step 7. |
IDP Certificate SHA1 Fingerprint | leave this blank |
ID Claim/Name ID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
Step 10: Now log out and you should see the ‘Sign in using Azure’ button on the login screen. Try logging in using the button.
Special Note for Azure AD Connect
If you are using Azure AD Connect, make sure that the forest that Folio users belong to has the ‘Enable Single Sign On’ setting turned on.