This guide provides step-by-step instructions to integrate Microsoft Entra ID with Lema using SAML-based Single Sign-On (SSO).


🛠️ Step 1: Add Lema as an Enterprise Application

  1. Sign in to the Microsoft Entra admin center with an account that has at least the Cloud Application Administrator role.

  2. Navigate to Identity > Applications > Enterprise applications > New application.

  3. Select Create your own application.

  4. Enter a name for the application (e.g., “Lema SSO”) and choose Integrate any other application you don’t find in the gallery (Non-gallery).

  5. Click Create to add the application.


🔧 Step 2: Configure SAML-Based Single Sign-On

  1. In the newly created application, go to Single sign-on and select SAML.

  2. In the Basic SAML Configuration section, click Edit and enter the following:

  3. Click Save to apply the settings.

  4. To add users and groups to the app, click Users and groups, and then Add user/group.

  5. In the Users section on the left, click None Selected. In the right-side pane, select the users or groups you want to give access to your app. Finish by clicking Select at the bottom.

  6. Click Assign at the bottom.


📄 Step 3: Download SAML Certificate

  1. Select Single sign-on from the left side pane.

  2. Scroll down to section 3: SAML Certificates.
