Why Businesses Should Use SAML
As businesses grow, managing user access across multiple systems becomes increasingly complex. Employees need to log in to dozens of tools, from email and collaboration platforms to specialized business apps like ChangeBreeze, and each login means another password to remember, reset, and secure.
That’s where SAML (Security Assertion Markup Language) comes in. SAML allows businesses to connect their internal identity systems (like Azure AD, Okta, or Google Workspace) directly to their cloud applications, providing Single Sign-On (SSO) capabilities.
With SAML in place:
- Users log in once with their corporate credentials and gain access to all approved apps.
- IT teams maintain centralized control over authentication and access.
- Security improves because credentials are never stored or managed in multiple systems.
- Onboarding and offboarding are streamlined because access follows the user’s corporate identity.
Setting up Entra Enterprise Application
- Log in to https://portal.azure.com/ and choose Enterprise applications.
- Select New application
- Select Create your own application, give it a name such as "ChangeBreeze SSO" and leave the option checked Integrate any other application you don't find in the gallery (Non-gallery).
- Select Single Sign-on from the side menu, then select SAML as the single sign on method.
- From here we need to set up the Single Sign-on settings.
(We need to configure a temporary "ID" here and update these URLs in a later step)
Identifier (Entity ID): https://changebreeze.com/sso/metadata/ID
Reply URL (Assertion Consumer Service URL): https://changebreeze.com/sso/acs/ID
Logout Url (Optional): https://changebreeze.com/sso/sls/ID
Once configured, select Save.
- Download the Base64 Certificate, which will be uploaded to ChangeBreeze.
- Log in to https://changebreeze.com/ with your admin account and navigate to Organization Settings or Company Settings, depending on your account type.
Organization Account: https://changebreeze.com/organisation/sso/
Tenant Account (Org Customers): https://changebreeze.com/company/sso/
Then select Add Provider
Fill in the following settings:
Provider Name: This can be any name that makes sense, for example "Entra SSO"
Provider Type: Azure AD / Entra ID
Domain: This domain field is used during SAML sign-on. Use your company domain, for example changebreeze.com
Identity Provider Entity ID: This will be the Microsoft Entra Identifier URL
Single Sign-On URL: This is the Login URL
Single Logout URL: This is the Logout URL
X.509 Certificate: The Base64 Certificate that was downloaded earlier needs to be uploaded to changebreeze.com.
Open the certificate in a plain-text editor
Windows: Right-click → Open with → Notepad, Notepad++ (better), or VS Code.
macOS: Use TextEdit in plain text mode (Format → Make Plain Text) or VS Code.
Linux: Use nano certificate.pem, vim certificate.pem, or a GUI editor like Gedit.
Do not open in Word or any rich-text editor (they add hidden formatting).
Copy the entire contents including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- sections.
Paste it into the X.509 field.
- Select Create Provider
- Scroll to the bottom of the page to see the Service Provider SP Configuration section. These settings now need to be updated in Entra with the provided URL settings:
Identifier (Entity ID): https://changebreeze.com/sso/metadata/<YOURID>
Reply URL (Assertion Consumer Service URL): https://changebreeze.com/sso/acs/<YOURID>
Logout Url (Optional): https://changebreeze.com/sso/sls/<YOURID>
The Entra SAML settings should now match the values above.
- SAML authentication is now complete.
- To sign in, browse to http://changebreeze.com/accounts/login/ and select Sign in with SAML SSO at the bottom of the screen.
- Enter your company domain as per step 7, then select Continue with SAML. If you are already signed in, you should be logged in immediately and your account created; if not, you will be redirected to sign in with Microsoft.
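The certificate step above warns that rich-text editors add hidden formatting. The following check is an added example, not part of ChangeBreeze or Entra: it inspects the text about to be pasted into the X.509 field and returns the SHA-1 thumbprint, which can be compared with the thumbprint Entra displays for the SAML signing certificate. The function name `check_pem` and the sample data are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def check_pem(text):
    """Return (problems, thumbprint); thumbprint is None when the text is unusable."""
    problems = []
    if text.startswith("\ufeff"):
        problems.append("byte-order mark at start of file")
        text = text[1:]
    if text.lstrip().startswith("{\\rtf"):
        return ["file is RTF, not plain text"], None
    if any(ord(ch) > 127 for ch in text):
        problems.append("non-ASCII characters (rich-text editor residue)")
    if text.count(BEGIN) != 1 or text.count(END) != 1:
        problems.append("expected exactly one BEGIN and one END line")
        return problems, None
    head, _, rest = text.partition(BEGIN)
    body, _, tail = rest.partition(END)
    if head.strip() or tail.strip():
        problems.append("extra text outside the BEGIN/END lines")
    try:
        # Line breaks (LF or CRLF) are allowed inside the Base64 body.
        der = base64.b64decode(re.sub(r"\s+", "", body), validate=True)
    except (binascii.Error, ValueError):
        problems.append("body is not valid Base64")
        return problems, None
    if not der or der[0] != 0x30:
        problems.append("decoded data is not a DER SEQUENCE")
        return problems, None
    # SHA-1 here is only an identifier for comparison, not a security control.
    return problems, hashlib.sha1(der).hexdigest().upper()


# Constructed stand-in: a tiny DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = f"{BEGIN}\n{base64.b64encode(SAMPLE_DER).decode()}\n{END}\n"

if __name__ == "__main__":
    cases = {"clean": SAMPLE_PEM, "BOM": "\ufeff" + SAMPLE_PEM,
             "truncated": SAMPLE_PEM.replace(END, "")}
    for label, text in cases.items():
        print(label, check_pem(text))
```

Treat any non-empty problem list as a reason to re-download the certificate rather than editing it by hand.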