
How to Connect Faddom to SSO

Written by Alex Patnick
Updated today

Faddom allows you to set up user authentication from any IdP using SAML/SSO authentication. To do this, you can follow the guide below, which is based on Azure EntraID. The process for other IdPs is similar, and the fields required are identical for all. If you have any issues, please contact support@faddom.com.

To set this up, first navigate, in Faddom, to Settings > Access Control > Identity Providers. You will be presented with this page.

The Name is the display name in the Faddom UI, and is especially useful if you need to configure multiple IdPs. This is the name that Faddom will display on the login page that users see. You define it yourself and it can be anything you wish.

For the rest of the fields, some require information from the IdP and some is information to be placed in the IdP. To complete the fields, follow the guide below (based on EntraID).

To set this up in Azure, you need to do the following -

  1. Create an Enterprise App Registration. If you are mapping an Azure environment, this is different to the App Registration needed for Azure discovery.

  2. Select Create your own application. In the popup that appears, enter the name of the application - we recommend Faddom - and select the third option.

  3. Once the app is generated, open it if it does not open automatically and select Single Sign On > SAML.

  4. Click Edit in the Basic SAML Configuration and set the SP Entity ID in your provider. You can either copy the default value in Faddom of https://faddom.com or set a custom one in the IdP and paste it into Faddom.

  5. Copy the Reply URL field from Faddom and paste it into the provider section

  6. Copy the metadata URL or download the file to enter into Faddom
    Note: To use the metadata URL Faddom needs direct access to the URL provided. If it does not have this, please use the file from your IdP.


  7. Copy the Login URL and IdP Identifier (in this example it is the Microsoft Entra Identifier) and paste the two values into the relevant fields in Faddom.

  8. To allow the application to work, you need to assign a group. To do this, click on Add Users and Groups. The group needs to be assigned to the user either in a local on-prem LDAP (e.g. Active Directory) and synchronised with the IdP (e.g. EntraID), or it can be assigned directly in the IdP (e.g. Azure/EntraID).

    Assign user account to an application in your Microsoft Entra tenant.

  9. Select one or more users or groups from the list by clicking them. The ones you select are listed under Selected items.

  10. Click Select. The number of users and groups selected is shown on the Add Assignment page. Then click Assign.

  11. Next, a Group Claim needs to be created for the Application. To do this, click Edit on Attributes & Claims.

  12. Click Add a group claim and select Groups assigned to the application

    1. In Source Attributes select sAMAccountName

    2. Select the checkbox for Emit Group name for cloud-only...

    3. Select Advanced options

    4. Select Customize the name of the group claim

    5. Type the attribute name faddom.roles, or your chosen name, and ensure it matches the Role Attributes field in Faddom.

    6. Save

  13. Click on Save

  14. You can then follow our guide How to Setup User Access to set up the roles in Faddom to match a role in Azure, giving users the permissions they need to access Faddom.
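The group claim configured in step 12 is the part of this setup most likely to go wrong, so it helps to inspect what the IdP actually sends. The script below is an added example, not Faddom or Microsoft code: it assumes you have a base64-decoded SAML response from a test login, and the function name, sample assertion and group name are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Claim name Entra uses for groups when no custom name has been set.
DEFAULT_GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def check_group_claim(assertion_xml, role_attribute="faddom.roles"):
    """Return (roles, problems) for a decoded SAML response or assertion.

    Diagnostic only: this reads attributes and does not verify signatures.
    """
    # SAML messages never need a DTD; refuse one rather than parse it.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iter(SAML + "Attribute"):
        values = [v.text.strip() for v in attr.iter(SAML + "AttributeValue") if v.text]
        claims.setdefault(attr.get("Name"), []).extend(values)
    roles, problems = claims.get(role_attribute, []), []
    if not roles:
        if DEFAULT_GROUPS_CLAIM in claims:
            problems.append("groups are sent under the default claim name; "
                            "customize the name of the group claim")
        else:
            problems.append(f"no '{role_attribute}' attribute; "
                            "is the user in a group assigned to the app?")
    ids = [r for r in roles if GUID.match(r)]
    if ids:
        problems.append(f"{len(ids)} value(s) are object IDs, not group names")
    return roles, problems

# Constructed sample (not captured from a real tenant): one named group and
# one cloud-only group that was emitted as an object ID.
SAMPLE = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <AttributeStatement>
    <Attribute Name="faddom.roles">
      <AttributeValue>Faddom-Admins</AttributeValue>
      <AttributeValue>3f2b8c1e-7a4d-4e9b-9c3a-1d2e3f4a5b6c</AttributeValue>
    </Attribute>
  </AttributeStatement>
</Assertion>"""

if __name__ == "__main__":
    roles, problems = check_group_claim(SAMPLE)
    print("roles:", roles)
    for p in problems:
        print("problem:", p)
```

A value shaped like an object ID means the IdP sent the group's ID instead of its name, which will not match a role name entered in Faddom.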
