Setup SAML 2.0 SSO for Hexa and Azure Active Directory


  • Azure AD is your Identity provider

  • SAML 2.0 SSO configuration works with the following Azure Plans:

    • Pro Plus
    • Enterprise plan
  • You have a sub domain of CloudHexa and you require SAML 2.0 SSO to authenticate your users.

Configurations needed in your Azure AD console

Important: Login to Azure AD as admin

Add an Enterprise Application in your Azure AD portal:

  • Go to Enterprise applications.
  • Click on New Application.


Enterprise Application


  • Click on Create your own application.
  • Enter CloudHexa as the name of the app.
  • Choose Integrate any other application you don’t find in the gallery (Non-gallery).
  • Click Create.


Create Application


  • Click on Setup Single Sign on


Setup SSO


  • Click on SAML in the Select a single sign-on method step

Step 1

  • Click Edit in Basic SAML Configuration, then in the dialog:

    • Click on Add Identifier Identifier (Entity ID): this is your unique identifier provided by Hexa support team, paste it here
    • Click on Add reply URL to add Reply URL (Assertion Consumer Service URL): Copy this URL and add it:
  • Click Save

  • Your settings will look like the following:


Edit Basic SAML


Step 2

  • Under Attributes & Claims, click on Edit


Attributes and Claims


  • Click on Add a group claim


Group Claim Settings


  • Choose Security Groups
  • Check Customize the name of the group claim
  • Type in groups
  • Click Save


Group Claim Settings


Step 3

  • In SAML Certificates,
  • From Certificate (Base64), Click on Download. This file should be sent to Hexa Support Team.




Step 4

  • In Setup [CloudHexa], copy the 2 below URLs, and send to Hexa support team.


Setup URLs


Map AD groups to CloudHexa Accounts

  • We require to create groups and map them to CloudHexa accounts, it is recommended to have seperate AD groups for your digital signage app.
  • Get the Group ID from Azure AD and provide it to Hexa support Team and specify to which CloudHexa user it should be mapped.
  • In Azure AD, go to Groups, locate your group and copy its Object ID


Group ID


To manage user roles in CloudHexa, refer to Teams.