Security
      Back to home
      1. Help Centre
      2. Security

      How to set up Microsoft Entra ID (SSO)

      This guide walks you through configuring single sign-on (SSO) in Microsoft Entra ID for Budgetly. Follow the steps below to complete the setup.

      Step 1: Start SSO setup in Budgetly

      1. Navigate to Settings > Security > SSO in Budgetly.
      2. Click Connect SSO to begin the setup.
      3. Choose your identity provider (Currently only Entra ID is supported)
      4. Copy Budgetly config – you will need this when setting up SAML in Entra ID.

       

      Step 2: Create an application in Microsoft Entra ID

      1. Open a new tab and sign in to Microsoft Entra ID.
      2. Go to Enterprise applications > Click New application.
      3. Select Create your own application and name it "Budgetly SSO".
      4. Select “Non-gallery” application and click Create.

       

      Step 3: Configure SAML in Microsoft Entra ID

      1. Go to “Single sign-on” for your newly created “Budgetly SSO” application.

       

      2. Select SAML as the sign-in method.

       

      3. Click Edit in the Basic SAML Configuration.

       

      4. Use the Budgetly config from Step 1

      a. Identifier (Entity ID): urn:amazon:cognito:sp:**********

      b. Reply URL (Assertion Consumer Service URL): https://**********.ap-southeast-2.amazoncognito.com/saml2/idpresponse

      c. Sign-on URL: https://budgetly.io/login

      5. Click Save to apply the settings.

      6. In the Attributes and Claims section, keep default values. Confirm that a Claim name "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" and Value "user.mail" is present.

      Note: If you get an error, double-check these values have been correctly entered in Entra ID.

       

      Step 4: Finalise setup in Budgetly SSO settings

      1. In EntraID SAML Certificates section, copy the App Federation metadata Url .

       

      2. Switch tabs back to Budgetly and paste the URL into the App Federation Metadata URL field (Step 2).

      3. Enter the (Step 3) email domains that will be enforced for SSO login.

      a. Separate multiple domains with commas (e.g. domain1.com, domain2.com).

      4. Click the Save & connect SSO button.

       

      Step 6: Budgetly verifies the SSO connection

      • Budgetly will automatically verify the SSO connection.

      • If verification fails, an error will appear—check your settings and try again.

      • If verification succeeds, you'll be redirected to the main SSO Settings screen where the SSO status will show as connected.

       

      Step 7: SSO setup complete 🎉

      • SSO is now enabled for your organisation!

      • Users that login with an enforced domain email can now log in using Microsoft Entra ID.

      Note: If you encounter any issues, review the SSO logs in Entra ID to identify the cause. If you can't resolve the issue, contact your IT admin or Budgetly support.

       

      For more help click here to see our FAQs on SSO.