Set up Microsoft Entra SAML single sign-on (SSO) for my team

Feature availability

Important: The BioDigital team must first enable SSO for your account. If you are interested in enabling SSO for your team, contact your dedicated Account Manager or our Customer Experience team.

Use this guide to configure Microsoft Entra SAML single sign-on (SSO) for your BioDigital Human team. Once enabled, eligible users can sign in using their Microsoft Entra credentials instead of a separate BioDigital password.

 

Before you begin

Before starting configuration, make sure:

  • Your organization uses Microsoft Entra ID
  • You have administrator access to the Microsoft Entra admin center
  • You also have administrator access to your BioDigital Human team account

 

Step 1: Create a new enterprise app for the BioDigital Human in Microsoft Entra

Start by creating a new enterprise application for the BioDigital Human in Microsoft Entra:

  1. Log in to the Microsoft Entra admin center as an administrator.
  2. Use the search bar at the top of the page to search for “enterprise applications.”
  3. Select Enterprise applications from the search results.

  4. Click + New application at the top of the page.
  5. Click + Create your own application.
  6. On the next page:
    • Enter “BioDigital Human” (or your preferred app name).
    • Select “Integrate any other application you don't find in the gallery (Non-gallery).”
  7. Click Create.

 

Step 2: Configure your new app in Microsoft Entra

Next, configure your new enterprise application to integrate with the BioDigital Human:

  1. Still in the Entra admin center, open the BioDigital Human enterprise app you just created.
  2. Under Manage, select Single sign-on.
  3. Select SAML as your single sign-on method.
  4. Under Basic SAML Configuration, enter the URLs below:

    • Identifier (Entity ID): https://human.biodigital.com/entra_saml/metadata
    • Reply URL (Assertion Consumer Service URL): https://human.biodigital.com/ws/user/sign/in/entra_saml
  5. The default attributes and claims are usually sufficient, but verify that the following claims are present:
    • givenname
    • surname
    • emailaddress
    • name
    • Unique User Identifier
  6. Back on the main app page under Manage, click Users & Groups.
  7. Confirm that all users who should access the BioDigital Human through Microsoft Entra have been assigned to this application. If any are missing, assign them now.
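
To confirm the Step 2 settings from a test sign-in, the following added example (not BioDigital or Microsoft code) checks a decoded SAML assertion against the Identifier, Reply URL, and claims listed above. It assumes Entra's default claim URI prefix and that Unique User Identifier is sent as the NameID; it checks configuration only and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIM_PREFIX = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Values entered under Basic SAML Configuration in Step 2.
ENTITY_ID = "https://human.biodigital.com/entra_saml/metadata"
ACS_URL = "https://human.biodigital.com/ws/user/sign/in/entra_saml"
REQUIRED_CLAIMS = ("givenname", "surname", "emailaddress", "name")

def check_assertion(xml_text):
    """List configuration problems in one SAML assertion (no signature check)."""
    root = ET.fromstring(xml_text)
    assertion = next(root.iter("{%s}Assertion" % NS["saml"]), None)
    if assertion is None:
        return ["no Assertion element found"]
    problems = []
    audiences = [(a.text or "").strip() for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not match Identifier (Entity ID)")
    recipients = [d.get("Recipient") for d in assertion.iterfind(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append("Recipient does not match Reply URL")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing Unique User Identifier (NameID)")
    present = set()
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if any((v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)):
            present.add(attr.get("Name"))
    problems += ["missing claim: " + c for c in REQUIRED_CLAIMS
                 if CLAIM_PREFIX + c not in present]
    return problems

# Constructed sample assertion (not captured from a real tenant).
_ATTRS = "".join(
    '<saml:Attribute Name="%s%s"><saml:AttributeValue>%s</saml:AttributeValue>'
    '</saml:Attribute>' % (CLAIM_PREFIX, n, v) for n, v in [
        ("givenname", "Ada"), ("surname", "Example"),
        ("emailaddress", "ada@example.com"), ("name", "ada@example.com")])
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Subject>'
    '<saml:NameID>ada@example.com</saml:NameID><saml:SubjectConfirmation>'
    '<saml:SubjectConfirmationData Recipient="%s"/></saml:SubjectConfirmation>'
    '</saml:Subject><saml:Conditions><saml:AudienceRestriction><saml:Audience>%s'
    '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
    '<saml:AttributeStatement>%s</saml:AttributeStatement></saml:Assertion>'
) % (ACS_URL, ENTITY_ID, _ATTRS)
```

Calling check_assertion(SAMPLE) returns an empty list; a non-empty list names each setting to recheck in the enterprise app.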

 

Step 3: Collect your Microsoft Entra metadata URL

To complete SSO configuration in the BioDigital Human, you will need your Microsoft Entra metadata URL:

  1. In your BioDigital Human enterprise application, return to Single sign-on.
  2. Under SAML Certificates, copy the App Federation Metadata Url.
  3. Store this value for use in Step 4.

 

Step 4: Configure SSO in the BioDigital Human

The final step is to create your SSO configuration in the BioDigital Human using the metadata URL from Microsoft Entra:

  1. Log in to the BioDigital Human.
  2. Click the profile icon in the upper-right corner and select Team from the drop-down menu.
  3. Click Manage.
  4. Open the Team Access tab and scroll down.
  5. Under Single Sign-On (SSO) Configuration, click + Add SSO Configuration.
  6. Under SSO Provider, select Microsoft Entra ID (SAML) from the drop-down menu.
  7. Enter a Configuration Name.
  8. Enter the metadata URL you copied in Step 3.2 into the Metadata URL field.
  9. Check the box next to Enable this SSO configuration.
  10. Click Save Configuration.

Success—your Microsoft Entra SAML integration is now active!

 

What to expect after SSO is enabled

Existing users

The next time an existing team member signs in, they will be prompted to link their BioDigital Human account to their Microsoft Entra account.

Once linked, future logins will occur through SSO.

New users

New team members will be prompted to authenticate through Microsoft Entra when creating a BioDigital Human account.

If SSO is later disabled, these users will be required to create a BioDigital password.

Administrator fallback login

In the event of SSO failure, administrators are able to sign in with their original password.

For this reason, password setup remains required for all Administrator accounts.

 
