Follow this guide to configure Microsoft Entra ID (formerly Azure Active Directory) as the identity provider (IdP) for single sign-on (SSO) access to the Humanforce Work App.
Before you start
To complete this setup, you’ll need:
- Admin access to Microsoft Entra ID (Application Administrator or Cloud Application Administrator role)
- Your Humanforce Web URL (for example,
https://yourcompany.humanforce.com) - Your organisation’s login email domain (for example,
yourcompany.com)
Note: The Microsoft Entra admin centre interface may change over time. The steps below reflect the current process, but you can refer to Microsoft’s documentation for the latest interface updates.
Part 1: Create the Humanforce Work App in Microsoft Entra ID
- Sign in to the Microsoft Entra admin centre using your administrator credentials.
- Go to Applications > Enterprise applications.
- Select + New application.
- Choose Create your own application.
- Enter a name such as Humanforce Work Mobile App.
- Select Integrate any other application you don’t find in the gallery (Non-gallery) and click Create.
- Once created, go to the new app’s Overview screen and select Single sign-on.
- Choose SAML as the single sign-on method.
After setup, the app will appear in your organisation’s list of enterprise applications.
Part 2: Configure SAML settings
- Under the SAML-based Sign-on section, click Edit.
- Enter the applicable attributes for your region:
- AU
-
Identifier (Entity ID):
urn:amazon:cognito:sp:ap-southeast-2_W7tgpw6cA -
Reply URL (Assertion Consumer Service URL):
https://auth.humanforce.com/saml2/idpresponse -
Sign on URL (optional):
https://auth.humanforce.com/oauth2/idpresponse
-
Identifier (Entity ID):
- UK
-
Identifier (Entity ID):
urn:amazon:cognito:sp:eu-west-1_Pu3GulRQe -
Reply URL (Assertion Consumer Service URL):
https://auth.humanforce.co.uk/saml2/idpresponse -
Sign on URL (optional):
https://auth.humanforce.co.uk/oauth2/idpresponse
-
Identifier (Entity ID):
- US
-
Identifier (Entity ID):
urn:amazon:cognito:sp:us-east-1_6xCdFKfk1 -
Reply URL (Assertion Consumer Service URL):
https://auth.us.humanforce.com/saml2/idpresponse -
Sign on URL (optional):
https://auth.us.humanforce.com/oauth2/idpresponse
-
Identifier (Entity ID):
- AU
- Click Save to apply your changes.
These values link Microsoft Entra ID to Humanforce’s authentication service powered by Amazon Cognito.
Part 3: Assign users or groups to the application
- In the application menu, go to Users and groups > + Add user/group.
- Click None selected.
- Locate and select the individual users or groups you want to enable SSO for.
- Click Select, then Assign.
Assigned users will now have access to sign in via the Humanforce Work App using their Microsoft credentials.
Part 4: Download your Federation Metadata XML
- In the SAML Signing Certificate section, locate the Federation Metadata XML.
- Click Download and save the file securely.
This metadata file contains the public certificate used to validate identity assertions from Microsoft Entra ID.
Part 5: Provide setup details to Humanforce
To finalise the SSO configuration, send the following to Humanforce Support:
- Your Humanforce Web URL (e.g.
https://yourcompany.humanforce.com) - Your organisation’s email domain used for login (e.g.
yourcompany.com) - The Federation Metadata XML file from Part 4
Support will configure Humanforce’s authentication system to trust your identity provider and enable login for mobile users.
Once complete, users will be able to access the Humanforce Work App using Microsoft Entra ID credentials.
Additional information
- Microsoft Entra ID may update its interface and field names periodically. Always check Microsoft’s Entra documentation for the most up-to-date setup guidance.
- To test your setup, use the Test SAML login option under Single sign-on in Microsoft Entra ID.
- If you're using custom attributes or roles, speak with your internal IT team or Humanforce Support for advanced configuration options.