Skip to main content

5. Setting up the Single Sign-On (SSO)

Agriplace Support
  • Updated

This article shows you how you can set up the single sign-on for your organisation with your Microsoft Entra ID. To set up the connection you need to have a Pro-Account and reach out to the Agriplace team to enable the function. If you connect the Microsoft Entra ID your colleagues can sign in to Agriplace using their Microsoft work credentials. That allows you to easily onboard colleagues to Agriplace. 

To be able to set up the connection you need to have:

  • A Microsoft Entra ID tenant
  • Admin access to that tenant
  • Agriplace Chain account with Owner permissions

Ho to set it up?

Step 1: Start SSO Setup on Our Platform

  1. Log in to your Agriplace Chain account
  2. Go to Company Settings -> Company security 
  3. Click "Connect Microsoft EntraScreenshot 2025-05-08 at 12.11.45.png
  4. You’ll receive:
    • Entity ID
    • Reply URL

Step 2: Register a New Enterprise Application in Entra 

  1. Go to the Entra portal
  2. Navigate to Applications -> Enterprise applications
  3. Click "+ New application"Screenshot 2025-05-08 at 12.16.11.png
  4. Choose "Create your own application"
  5. Name it something like YourBestPlatform - SSO, select Integrate any other application, and click Create.Screenshot 2025-05-08 at 12.18.09.png

Step 3: Set Up SAML SSO

  1. Once the app is created, go to Single sign-on → choose SAML.
  2. Under Basic SAML Configuration, click Edit and fill in Entity ID and Reply URL you got the the step above
  3. Save your changes.

Step 4: Configure Attributes & Claims

This step is required to ensure correct user mapping and access.

This step ensures that your user data (like name, email, and locale) is sent from Microsoft Entra ID to Agriplace Chain. Without these claims, users may not be created correctly, and their sessions may lack required context.

  1. Go to Attributes & Claims.
  2. Click Edit.
  3. Add or update the following claims(you will also need to make the names shorter):Screenshot 2025-05-08 at 13.01.28.pngScreenshot 2025-05-08 at 13.07.05.png
  4. Remove any default claims that conflict or duplicate the above
  5. Enable “Emit claim as a JWT” for the following:
    • emailaddress
    • name

       

       

This ensures the values will be available in the JWT token passed to your platform via Cognito.

Screenshot 2025-05-08 at 13.13.15.png

Screenshot 2025-05-08 at 13.13.45.png

 

  1. For Unique User Identifier, ensure it's configured as:Screenshot 2025-05-08 at 13.14.52.png

Enable users access

Screenshot 2025-05-08 at 13.15.40.png

 

Step 5: Download SAML Metadata

  1. Scroll to SAML Certificates section
  2. Copy App Federation Metadata Url

Screenshot 2025-05-08 at 13.16.31.png

 

Step 6: Upload Metadata to Our Platform

  1. Go back to your Agriplace Chain SSO setup screen, click “next”
  2. Paste the App Federation Metadata Url
  3. Click “Enable”.

Screenshot 2025-05-08 at 13.17.21.png

Our system will validate the metadata and automatically configure the SSO connection in the background.

Now you have access to the sign-up URL to use to login to Agriplace Chain via Microsoft Entra!

Screenshot 2025-05-08 at 13.18.03.png

 

After completing the SSO setup, the final step is to verify your email domains and associate them with your organisation’s identity provider. This allows us to automatically detect users from your company based on their email and route them through the correct login flow.

Verifying domains is highly recommended, since it will lead to better UX for users.

With domain verification:

  • Users from your company are automatically redirected to your Microsoft SSO login.
  • No need for them to remember or choose a specific login method.
  • Only authorized organizations can claim a domain—improving security.

Step-by-Step: Domain verification

Step 1: Go to Domain Verification Settings

  1. Go to Company SettingsCompany security → Domain verificationScreenshot 2025-05-08 at 13.19.24.png

Step 2: Add Your Company Domain(s)

  1. Enter your domain (e.g. agriplace.com).
  2. Click “Add domain”.

Our platform will generate a unique DNS TXT record for you to add to your domain’s DNS configuration.

Screenshot 2025-05-08 at 13.20.05.png

Step 3: Add the DNS TXT Record

  1. Log in to your domain registrar (e.g. GoDaddy, Namecheap, Cloudflare, etc.).
  2. Navigate to the DNS management page.
  3. Add the provided TXT record:
Type Name / Host Value
TXT agriplace-chain-verification <dns token value>
  1. Save the changes. DNS updates may take up to 30 minutes to propagate, but often go through faster.

Step 4: Verify the Domain

  1. Go back to Agriplace Chain → Domain Verification page.
  2. Click “Verify” next to your domain.

Screenshot 2025-05-08 at 13.21.05.png

We’ll check your DNS record and confirm ownership.

Once verified, your domain will appear as "Verified" and be linked to your organisation.

 

Troubleshooting

  • You do not see the “Create Microsoft Entra” button
    • Make sure you have enabled the feature flag for a tenant
    • Make sure you are the account owner
  • Entra setup is failing
    • Make sure you are providing the correct “App Federation Metadata Url”
  • New Agriplace Chain users are missing theirs email/name
    • Make sure you correctly set up Attributes & Claims

For other questions contact Agriplace Support chainsupport@agriplace.com

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.