Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.minimus.io/llms.txt

Use this file to discover all available pages before exploring further.

Add single-sign-on (SSO) to Minimus in Azure, by configuring Minimus as a custom SAML app.

Prepare the SSO form in Minimus

  1. Go to Manage > Users & Groups (direct link)
  2. Click Configure SSO at the top of the page to open the Minimus SSO form.
    Keep this form open and available in another browser tab as you configure the SAML app in Azure.
  3. The form has 4 parts:
    1. Configure Minimus as a custom app in your identity provider - You will copy these parameters from Minimus to Azure in the next steps.
      1. SP Entity ID
      2. Reply URL (Callback / ACS URL)
      3. Relay State (optional) - If you leave the Relay State blank, users will only be able to login with SSO from the Minimus homepage.
    2. Connect Minimus to your identity provider - You will fetch these parameters from your Azure custom app and save them to the Minimus form:
      1. Login SSO URL
      2. IdP Entity ID
      3. Certificate
    3. SAML Attribute Mapping - You will the fetch the Azure claim names for the following parameters and save them to the Minimus form:
      Minimus ParameterAzure Attribute Name
      Emailuser.mail
      Full Nameuser.userprincipalname
    4. Group Mapping is optional and can be enabled if you plan to configure user groups. See the instructions in user groups.

Add Minimus as a custom app under Azure Enterprise Applications

1

Create a Minimus application in Azure

  1. The first step is to create the Minimus App in Azure and link it to your Minimus Console. Go to Enterprise Applications to begin.
  2. Select the option New application.
  3. In the top bar, select the option to Create your own application.
    1. Name the application. (We’ll assume the name Minimus App was used for the rest of this guide.)
    2. Select the option to Integrate any other application you don’t find in the gallery (Non-gallery).
    3. Click Create.
    4. Wait for the success confirmation. It may take a minute or so.
2

Configure the SAML app

  1. Select Set up single sign on.
    Azure Set Up Sso
  2. Select SAML.
    Azure Select Saml
This will open the form Set up Single Sign-On with SAML. The form includes numbered steps.
  1. Select Edit for Step 1 - Basic SAML Configuration.
    Azure Edit Single Sign On
  2. Copy the following from the Minimus SSO form to Azure:
To copy from Minimus formAnd paste in Azure form
SP Entity IDIdentifier (Entity ID)
Reply URL (Callback / ACS URL)Reply URL (Assertion Consumer Service URL)
Relay StateRelay State (Optional)
  1. Save the form.
Azure Reply Url
3

Copy Microsoft Entra Identifier

  1. You will be automatically navigated to the Minimus App overview page.
  2. Copy the Azure Microsoft Entra Identifier to the IdP Entity ID in the Minimus form.
Azure Entity Id 1
4

Copy Azure attributes & claims to Minimus

Copy the relevant schema to the SAML Attribute Mapping section in the Minimus SSO form as shown below.
  1. Select Edit for Step 2 - Attributes & Claims.
    Azure Step 2 Entities Claims
  2. You will see a table of the default claims.
  3. Copy the claim name for the user.mail and the user.userprincipalname to the Minimus form.
Minimus ParameterAzure Attribute Name
Emailuser.mail
Full Nameuser.userprincipalname
Azure Claims Name
5

Download Base64 Certificate

  1. In Azure, continue to Step 3 - SAML Certificates.
  2. Download the Base64 Certificate.
  3. Open the certificate in notepad or another code viewer, and copy the code (including “-----BEGIN CERTIFICATE… and …END CERTIFICATE-----”).
  4. Copy the certificate to the Minimus SSO form.
Azure Download Certificate
6

Copy Azure Login URL to Minimus

  1. In Azure, continue to Step 4 - Set up Minimus.
  2. Copy the Azure Login URL to the field Login SSO URL in the Minimus SSO form.
    Azure Login Url
7

Enable group mapping, if relevant

  • If you aren’t interested in group mapping, skip to the next step and save the SSO configuration form in Minimus. You are ready to add SSO users in Minimus.  
  • If you want to add group mapping, follow the steps below. You have the option to either manage Azure groups by group name or group ID. The configurations are different for each. 
8

Save the Minimus SSO form

Assign user/group access in Azure

Grant Azure users and/or groups access to Minimus.
  1. In Azure, select Enterprise Applications.
  2. Select your Minimus App to open its details.
  3. Select Users and Groups from the left menu.
  4. Select Add user/group and follow the instructions on the page.
Azure Add Users

Manage Azure group names in Minimus

The process involves a few extra steps if you plan to manage Azure group names in Minimus.
These steps are not relevant if you intend to manage Azure groups by group ID. Skip these steps if you plan to manage direct user access or Azure group IDs.

Enable group mapping in Minimus

  1. Open the Minimus SSO form (direct link)
  2. Enable Step 4: Group Mapping.
  3. Select: Azure
  4. Fill out the following Azure parameters:
    • Application ID (also shown as Application (client) ID depending on where you look it up in Azure)
    • Client Secret (see the next steps)
  5. Save the Minimus SSO form.
Minimus Form Azure Groups

Configure API permissions

  1. In Azure, search for App Registrations.
  2. Select the enterprise application you created in the previous steps. (We assume you named it Minimus App).
  3. Authorize your app to call APIs:
    Azure API Permissions
    1. Select API Permissions from the left menu.
    2. Select Add a permission.
    3. Select Microsoft Graph (It will be the top option under the default tab, Microsoft APIs).
    4. Select Application permissions.
    5. Search for “directory” and select Directory.Read.All.
    6. Click add permissions to save your changes.
  4. In the same window, select grant admin consent for Default Directory and confirm your selection.
    Azure Grant Admin Consent

Generate client secret

You will need to generate a client secret and save it in the Minimus SSO form.
  1. In Azure, search for App Registrations.
  2. Select the enterprise application you created in the previous steps. (We assume you named it Minimus App).
  3. Select certificates & secrets from the left menu.
  4. Select + New client secret.
  5. Set the secret’s expiration, add a description (optional), and save the secret.
  6. Copy the secret’s value and save it immediately in the Minimus SSO form.
Once the page is refreshed the value will no longer be retrievable. If needed, you can always create a new client secret.
Azure Add Client Secret

Add Azure group names in Minimus

  1. In Azure, look up your Azure groups. You can search for “groups” in the top searchbar.
    Azure Group Names
  2. In the Minimus Groups form (direct link), add the groups by group name.

Manage Azure group IDs in Minimus

The process involves a few extra steps if you plan to manage Azure group IDs in Minimus.
These steps are not relevant if you intend to manage Azure groups by group name. Skip these steps if you plan to manage direct user access or Azure group names.

Add group claim

  1. In Azure, search for Enterprise Applications
  2. Select your app
  3. Select single sign on from the left menu
  4. Select edit in attributes & claims
Azure Attributes Claims 1
  1. Select add a group claim. A form will appear to the right:
    1. Select the relevant groups. You can select all groups or another option. There are advanced options as well to filter out specific groups, etc.
    2. Save your group claim.
Azure Add Group Claim
  1. The new group claim will be added to the list. Its format is fixed: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
Azure Group Claim Name

Enable group mapping in Minimus

  1. Open the Minimus SSO form (direct link)
  2. Enable Step 4: Group Mapping.
  3. Keep the default selection: Google / Okta / Other
  4. Paste in the Azure group mapping: 
    http://schemas.xmlsoap.org/ws/2008/06/identity/claims/groups
  5. Save the Minimus SSO form.
Azure Groups Enabled

Add Azure group IDs in Minimus

  1. In Azure, look up your Azure groups. You can search for “groups” in the top searchbar.
    Azure Groups Ids
  2. In the Minimus Groups form (direct link), add the groups by Azure group ID.
    Azure Group Ids

Troubleshooting SSO access

When copying the certificate to Minimus, make sure there is no whitespace before or after the certificate. Also, check that the expected prefix and suffix are included. 
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
Last modified on May 13, 2026