In some cases you want a custom Microsoft SSO login flow for users within your organization as the out of the box Microsoft (OpenID Connect based) login of RESPONSUM is not entirely what you are looking for.
This guide will show you the steps to create a Microsoft SAML 2.0 enterprise application in order to allow login from RESPONSUM to your specific Active directory.
Step 1: Request that you want to activate a specific Microsoft SAML SSO integration
Send us an email via support@responsum.eu with a brief description that you want to create a specific Microsoft SAML SSO login flow for your RESPONSUM environment. As a reply back from us, you will receive two URL’s that you will need to conduct the next steps.
- The first URL is the redirect URI that will be added as “Reply URL (Assertion Consumer Service URL) (ACS)” later and will look something like this:
- https://id.responsum.app/realms/<companyname>/broker/microsoft/endpoint
- The second URL you will receive is our “Entity ID” and will look something like this:
- https://id.responsum.app/realms/<companyname>
- https://id.responsum.app/realms/<companyname>
Step 2: Register the app in Microsoft Entra Admin Center
Create a new “Enterprise application” in the “Identity” >> “Applications” section of the Microsoft Entra admin center.

- Select “New application” followed by “Create your own application”
- In the side-menu that opens, a name should be provided for this application (e.g. “RESPONSUM SSO Login”)
- For the question “What are you looking to do with your application?”, select the third option (Integrate any other application you don’t find in the gallery (Non-gallery))
- Press “Create”

- Once the app is created, on the homepage or via the side menu, select “(set up) Single sign on”

- Select “SAML” as a single sign-on method
- You are directed to a step by step guided flow to setup SSO with SAML:
- 1. Basic SAML Configuration:
- Provide the “Entity ID” URL found in step 1 as the “Identifier (Entity ID)”
- Provide the “Redirect” URL found in step 1 as the “Reply URL (Assertion Consumer Service URL)”
- Press “Save” in the top left

- 2. Attributes & Claims
- No changes are required here
- 3. SAML Certificates
- Copy the “App Federation Metadata Url” using the copy button and store this URL somewhere to be provided back to RESPONSUM as described in in step 3
- 4. Set up RESPONSUM SSO login (SAML)
- No action is required here
- 5. Test single sign-on
- As RESPONSUM does not allow you to come in from Microsoft for login, this test will not be functional, hence it can be skipped. In step 3 you can test the login flow directly via RESPONSUM.
- As a final step in the configuration within Entra, be sure to assign this application to specific users or groups of users so they are allowed to use the SSO integration with RESPONSUM
- This can be done by in the left side menu navigating to “Users and groups”.
- Here you can define either individual users or groups to receive access to our application through SAML SSO.

Step 3: provide the “App Federation Metadata” URL to RESPONSUM Support
The meta data URL you copied from the Microsoft Entra admin center in Step 2 now needs to be provided back to RESPONSUM in order to complete the setup.
We recommend to provide the URL in a separate email to support@responsum.eu. If you want additional security for the transfer of this URL as a file (as it contains a certificate values), send us an email upfront via support@responsum.eu, and we will provide a secure upload zone where you can upload the file with the URL and provide it to us directly.
When the file is received, RESPONSUM will do the final configuration and a “Microsoft (SAML)” login button will appear on the login page of RESPONSUM. We will get back to you in a reply on one of the emails when the integration will be activated and available. After this communication, run a thorough test to see if all works as intended for the earlier assigned users to the entra application.
Enjoy using your specific Microsoft SAML SSO flow for login to RESPONSUM!