This guide explains how to integrate Microsoft Entra ID (Azure AD) with Kendis using SAML-based Single Sign-On (SSO).
Kendis Application
The Kendis Integration app is available on the Azure Marketplace for Microsoft Entra ID (formerly Azure AD).
Step 1: Access Entra ID
Go to https://portal.azure.com/ and select "Entra ID" from Azure Services.
Step 2: Navigate to Enterprise Applications
From the left-hand menu, select "Enterprise applications."
Step 3: Add a New Application
Click on "New Application."
Step 4: Search for Kendis
Search for "Kendis" in the application gallery. Once it appears in the results, click "Create."
Step 5: Set Up Single Sign-On
After creating the app, click on "Set up single sign on."
Step 6: Get the Reply URL from Kendis
You must be a Super Admin in Kendis to access the SAML configuration.
Go to Admin Settings in your Kendis account.
Select "SAML Configuration."
Copy the "Reply URL (Assertion Consumer Service URL)."
Step 7: Configure Basic SAML Settings in Azure AD
Continue the setup process by editing "Basic SAML Configuration"
Entity ID: Can be any custom value (e.g., kendis-sso).
Reply URL: Use the URL copied from Kendis in Step 6.
Other fields can be left empty or as-is.
Step 8: Configure Attributes and Claims
Azure AD will populate required attributes and claims by default, but Group Claims must be added manually.
Add a Group Claim.
In "Groups Claim Selection," select "Groups assigned to the application."
This is recommended to avoid issues when there are more than 150 groups.
Ensure the appropriate groups are assigned to the Kendis application.
Add a Group Claim
Group Claims Selection
Groups Claim Added
Step 9: Add Login URL and Certificate to Kendis
Copy the Login URL from Azure AD and paste it into the "Login URL" field in Kendis.
Download the certificate in Base64 format.
Open the certificate in a text editor and copy only the text between BEGIN CERTIFICATE and END CERTIFICATE.
Kendis Screen after copying details
Press "Save"
Step 10: Assign Users or Groups
Assign users or groups to the Kendis application in Azure AD. Users will not be able to log in unless they are assigned.
Step 11: Test the Single Sign-On
Go to your Kendis instance URL.
Click on "Login with Corporate Account."
Log in using your Azure AD credentials.
For assistance, contact our Live Chat Support or email us at support@kendis.io