This manual provides step-by-step instructions to configure Single Sign-On (SSO) for PADS4 using Microsoft Entra ID (formerly Azure Active Directory).

1. Azure Configuration (Microsoft Entra ID)

To enable access to PADS4 through Microsoft Entra:

Step-by-step

  1. Go to https://portal.azure.com and sign in as an administrator.
  2. In the left menu, select Microsoft Entra ID.
  1. Select Enterprise Applications.
  1. Click + New Application.
  1. Choose “Create your own application”.
  1. Fill in the information for the form
  1. Click Create

Assign Users & Groups

  1. Open your newly created application by going back to Enterprise Applications and searching for it.
  1. Select Users and Groups. a. Click Add user/group. b. Select None Selected, then search and select users or groups. c. Click Select, then Assign.

💡 Tip: Create a dedicated PADS4 CMS group in Windows Server AD and assign it here.

Configure SAML SSO

  1. Go to Single sign-on in the left pane.
  2. Choose SAML.
  1. Under Basic SAML Configuration, click Edit and add:
  • Identifier (Entity ID): https://romy.pads365.com/saml
  • Reply URL: https://romy.pads365.com/rdx/nds.services.authentication.integration/api/v1/Saml2/Acs

Click Save.

2. Attributes & Claims Setup

  1. While in Single sign-on, go to Attributes & Claims and click Edit.
  1. Ensure claims match the required structure for successful login.
  1. Specifically, configure the group claim properly:

⚠️ If the group claim is misconfigured, the login will redirect with this error: No account is defined for your authentication request

3. Configure SSO in PADS4 Portal

Access PADS4

  1. Log in to your PADS4 Dashboard in a web browser.
  2. Select Credentials from the left menu.
  1. Go to Providers > Identity > Microsoft Entra.

Enter Provider Information

Fill in the following fields using values from Azure:

  • Name: Friendly label shown on login page

  • Federation Service Identifier:

    • From Single sign-on > Set up your_app section
    • Copy the Azure AD Identifier

  • Reply URL: Your PADS environment (e.g., https://pads4serverip)

  • Metadata URL:

    • Found under SAML Certificates
    • Copy the App Federation Metadata URL

  • Certificates:

    • Upload the raw Microsoft Entra certificate (.cer)
    • Upload the private key certificate (.pfx) used for HTTPS

Click Create to save.

4. Mappings & Group Management

  1. Go to Overview under Credentials.
  2. Click Connect, then New to create mappings and groups for this provider.

Find Group ID in Azure

  1. In portal.azure.com: a. Go to Microsoft Entra ID b. Select Groups c. Search for your group d. Copy the Object ID (this is the Group ID)

Create Group Mapping

  1. In PADS4, click New Group
  1. Enter the copied Group ID
  2. Assign roles from the dropdown list
  1. Save the group. You can add multiple roles per group.

5. Finalizing SSO

  • Logout and refresh the PADS4 Portal
  • The SSO Login button should now be visible
  • You can now sign in using Azure credentials