Overview

Microsoft 365 Single Sign-On (SSO) allows your users to log in to the MPaware portal using their Microsoft credentials. This way, users no longer need to worry about remembering their password for their MPaware  account, and the login process is as easy as entering their email address, to be directed to verification. This guide covers how Partner Administrators can configure SAML-based SSO through Microsoft Entra Admin Center.

Step 1 – Access the Client View

1. Log in to the MPaware  portal as a Partner Administrator.
2. Click Manage Clients to view your client list.
3. Select the client you want to enable Microsoft 365 SSO for.

Step 2 – Open SSO Settings in MPaware  

1. Go to the User Management tab.
2. Click the Single Sign-On button.
3. Click the Microsoft logo to start SSO configuration.

Note: Keep this page open — you will need the Application ID URL and Redirect URL for later steps in Entra Admin Center.

Step 3 – Create an Application in Microsoft Entra Admin Center

1. In a new tab, go to Microsoft Entra Admin Center.
2. Navigate to Enterprise applications.
3. Click New application.

1. Select Create your own application, enter a name (e.g., “BSN SSO”), choose Integrate any other application you don’t find in the gallery (Non-gallery), then click Create.

Step 4 – Configure SAML Settings in Entra

1. In the new application, go to Single sign-on and select SAML.
2. In MPaware , copy the Application ID URL and Redirect URL.
3. In Entra, under Basic SAML Configuration, click Edit.
4. Click Add identifier and paste the Application ID URL.
5. Click Add reply URL and paste the Redirect URL.
6. Click Save, then close the configuration window.

Step 5 – Add Email Claim

1. In Attributes & Claims, click Edit.
2. Click Add new claimand fill in the following:
   • Name: Email
   • Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
   • Source: Attribute
   • Source attribute: user.mail

3. Click Save, then close the Attributes & Claims window.

*Optional: If you are running into a situation where you are trying to enable SSO and a client has a UPN focused sync, you can use this set up to enable UPN instead of email. 

"When creating the custom Email claim, set its attribute to user.userprincipalname. Additionally, update the default preconfigured claim emailaddress so that it also maps to user.userprincipalname."

Step 6 – Get Metadata URL and Complete Setup

1. Back in Entra, within the Properties section, change the Assignment required? option to No and click Save.
2. In SAML Certificates, copy the App Federation Metadata URL.

1. Return to the MPaware  portal and paste the Metadata URL into the SSO configuration.

Optional: Enable Skip Identity Provider Logout if you want users to remain logged into Microsoft 365 after logging out of MPaware.

Step 7 – Grant Permissions and Test Login

1. If required, provide consent for the SSO application to be enforced across the account.
2. Log out of MPaware  and log back in with a client user account where SSO was configured.
3. If prompted by Microsoft, check Consent on behalf of your organization and click Accept.

You have now successfully set up Microsoft 365 Single Sign-On for your client in the MPaware  portal.