How do I set up my MS Entra ID (Azure) for a BOC product?

Updated: March 15, 2026 13:20

Important: This guide provides a possible approach to setting up MS Entra ID (Azure), based on best practice. However, please note that we cannot take any legal responsibility for the implementation and the possible consequences resulting from it. It is mandatory to involve an IT specialist on your side to verify and maintain the connection.

Steps

1. Use the search bar (1) of your Azure AD Portal to find "Enterprise applications" (2).
2. Under All Applications (1) select New application (2), then click on Create your own application (3).
3. Enter the name of your BOC application, e.g. "ADONIS", "ADOIT" or "ADOGRC".
4. Open the Azure application you just created and select Single sign-on (1), then switch to SAML (2).
5. Under Basic SAML Configuration select the Edit function (1) and enter the "Identifier (Entity ID)" and "Reply (Assertion Consumer Service URL)" attributes which you have received from BOC.
6. After entering them, scroll down to Attributes & Claims and click on Edit.
7. Adjust the claims. Required are user.givenname, user.surname, user.mail, user.groups and user.userprincipalname. Make sure that the correct Source attribute is set:
   - sAMAccountName for synced ADFS groups
   - Cloud-only group display names for Azure groups
8. Scroll down to Step 4 and copy the Login URL from the Set up ADONIS panel. Share the URL with your BOC technical support contact.
9. Download the Federation Metadata XML and/or the Certificate (Base64) from the SAML Certificates panel.
10. Upload the certificate to the fileshare link provided by BOC. The BOC technical customer support will now guide you through the next steps of your SSO setup.

Optional: Assertion Encryption

You can set up a certificate for assertion encryption if required. If you have ordered the SAML setup for a SaaS environment from BOC, you can request this certificate from your contact person in the support ticket.
For the transmission, we must use a 2FA-secured upload link, which is why we require an SMS-capable mobile phone number from you.

1. Now search for "Azure Active Directory" using the search bar (1) and click on the result (2).
2. Select App registrations on the right side and search for your newly created application. Open it.
3. Select Certificates & secrets on the right side.
4. Switch to the Certificates tab (1) and upload the Service Provider Token Signing certificate you received from BOC via Upload certificates (2).
5. Go back to your AD application and click on Users and groups on the right, then on Add user/group (1). Add the users and/or groups here that should be able to access your BOC product.
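The following is an added example (not BOC's or Microsoft's code) of how an administrator can check offline what steps 7 and 9 above produce before handing anything to support: it parses the Federation Metadata XML downloaded in step 9 to pull out the tenant's Entity ID, the Login URL and the SHA-256 fingerprint of the token-signing certificate (so it can be compared with the Certificate (Base64) download), and it checks that a SAML assertion carries all five claims required in step 7. It assumes the claim names were left at Entra ID's defaults (the xmlsoap ".../claims/givenname", "surname", "emailaddress" and "name" URIs, plus the Microsoft ".../claims/groups" URI); the tenant ID, the certificate content ("YWJj", which is just base64 of "abc") and the assertion are constructed placeholders. A real assertion is signed, and the service provider must verify that signature before trusting any of the claims this script inspects.

```python
"""Offline sanity check for an Entra ID SAML setup.

Added example, not BOC or Microsoft code.  Assumes the claim names were left at
the Entra ID defaults; tenant ID, certificate bytes and assertion are placeholders.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Source attribute from step 7 -> claim name Entra ID emits by default (assumption).
REQUIRED_CLAIMS = {
    "user.givenname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "user.surname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "user.mail": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "user.userprincipalname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "user.groups": "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups",
}

TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID

# Constructed Federation Metadata XML in the shape Entra ID produces. The
# X509Certificate content is placeholder bytes (base64 of "abc"), not a real cert.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>
          YWJj
        </X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{HTTP_REDIRECT}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed, unsigned assertion that deliberately omits the groups claim.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_placeholder" Version="2.0">
  <saml:Issuer>https://sts.windows.net/{TENANT}/</saml:Issuer>
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{REQUIRED_CLAIMS['user.givenname']}">
      <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{REQUIRED_CLAIMS['user.surname']}">
      <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{REQUIRED_CLAIMS['user.mail']}">
      <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{REQUIRED_CLAIMS['user.userprincipalname']}">
      <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def fingerprint(cert_b64: str) -> str:
    """SHA-256 fingerprint of a base64 DER certificate as AA:BB:..., the form most
    SP admin consoles show, so it can be compared with the portal download."""
    der = base64.b64decode("".join(cert_b64.split()))  # metadata wraps the base64
    hexdigest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract Entity ID, Login URL and signing-cert fingerprints from the metadata."""
    root = ET.fromstring(xml_text)
    sso = root.find(
        f"md:IDPSSODescriptor/md:SingleSignOnService[@Binding='{HTTP_REDIRECT}']", NS)
    fps = []
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # encryption keys are not what the SP verifies signatures with
        cert = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
        if cert:
            fps.append(fingerprint(cert))
    return {
        "entity_id": root.get("entityID"),
        "login_url": None if sso is None else sso.get("Location"),
        "signing_fingerprints": fps,
    }


def check_assertion(xml_text: str, expected_issuer: str) -> dict:
    """Report which step-7 claims are missing or empty and whether the Issuer
    matches the metadata entityID.  Signature verification is the SP's job."""
    root = ET.fromstring(xml_text)
    present = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS) if v.text]
        present[attr.get("Name")] = values
    return {
        "issuer_ok": root.findtext("saml:Issuer", namespaces=NS) == expected_issuer,
        "name_id": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "missing": [src for src, name in REQUIRED_CLAIMS.items() if not present.get(name)],
    }


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    print("Entity ID:", meta["entity_id"])
    print("Login URL:", meta["login_url"])
    print("Signing cert SHA-256:", meta["signing_fingerprints"])
    print("Assertion check:", check_assertion(SAMPLE_ASSERTION, meta["entity_id"]))
```

Run against the real Federation Metadata XML by reading the file into `parse_idp_metadata`; if `signing_fingerprints` is empty or `login_url` is `None`, the download is not the IdP metadata you expect. A non-empty `missing` list from `check_assertion` points at the claim whose Source attribute was not set in step 7, which is the usual cause of a user arriving at the BOC product without a name or group membership.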