Microsoft Entra ID Single Sign-On (SSO)

This guide walks you through enabling Microsoft Entra ID single sign-on for your Tendium organization. Once configured, team members can log in using their company Microsoft accounts.

Prerequisites

• You must be logged in as the company admin for your Tendium account
• Access to the Microsoft Azure portal (your IT department will need to perform some steps)

Part 1: Open the Security settings in Tendium

1. Go to https://app.tendium.com/auth/sign-in and log in as usual.

2. Click your name in the upper left corner and choose Company.

   

3. In the left panel, click Security.

4. You will see the Single Sign On section with your SSO domain displayed. This should match the domain your company uses in email addresses.

   

Note

If the SSO domain is wrong, please contact Tendium support to resolve it.

Part 2: Select Microsoft Entra ID as your provider

1. Under SSO provider, select Microsoft Entra ID.

2. You will now see fields for Identifier (Entity ID), Reply URL, and *App Federation Metadata URL.

   

3. Keep this page open — you’ll need the Identifier and Reply URL values when configuring Azure, and you’ll come back to paste the App Federation Metadata URL.

Part 3: Set up Tendium in Microsoft Azure

Tip

The steps below should be done by an IT administrator within your company, as it requires access to certain parts of your Microsoft setup. We recommend sending this page to your IT admin and asking them to send you back the App Federation Metadata URL once they have completed these steps.

1. Sign in to the Azure portal using your work account or a personal Microsoft account.
2. Open the left navigation pane and select the Microsoft Entra ID service.
3. Navigate to Enterprise Applications and then select All Applications.
4. Select New application in the top bar menu.
5. In the Browse Microsoft Entra ID Gallery section, search for Tendium and choose the app with the Tendium logo.
6. Click the Create button to add the Tendium application.

Part 4: Configure SAML in the Azure portal

1. On the Tendium application overview page, find the Manage section in the left navigation pane and select Single sign-on.
2. On the Select a single sign-on method page, select SAML.
3. Click the edit icon for Basic SAML Configuration to edit the settings.
4. Enter the values from Tendium’s Security settings page:
   • Identifier (Entity ID) — copy-paste from Tendium
   • Reply URL — copy-paste from Tendium
   • Sign on URL — copy-paste from Tendium
5. Click Save.
6. On the Set up single sign-on with SAML page, scroll to the SAML Signing Certificate section and find the App Federation Metadata URL. Copy this URL.

Part 5: Complete the setup in Tendium

1. Go back to the Tendium Security settings page you left open earlier.
2. Paste the URL in the *App Federation Metadata URL field.
3. Press Establish connection.
4. Toggle Enable SSO.

Part 6: Add users in Azure

1. Go back to the Microsoft Azure Portal and under SAML-based sign-on, select Users & Groups in the left pane.
2. Click Add to add staff members and colleagues who should have access.

How your team logs in

Once SSO is enabled, your colleagues can log in at app.tendium.com using the Continue with SAML SSO button on the login page.

Tip

Make sure to let your colleagues know they should click “Continue with SAML SSO” rather than entering a password manually.