Setting up Azure AD / Entra ID single sign-on
Azure AD (now Microsoft Entra ID) SSO lets your staff sign in to Folelse using their existing Microsoft 365 credentials. This requires the SSO add-on and Admin access to both Folelse and your Microsoft Azure portal.
Before you start
- You must have the SSO add-on enabled (Dashboard → Billing → Add-ons).
- You need Global Administrator or Application Administrator access in Microsoft Entra ID.
- Ensure your users' email addresses in Folelse match their Azure AD UPNs (User Principal Names).
Step 1 — Register Folelse in Entra ID
1. In the Azure portal, go to Microsoft Entra ID → Enterprise Applications → New Application.
2. Click "Create your own application".
3. Enter the name "Folelse" and select "Integrate any other application you don't find in the gallery".
4. Click Create.
Step 2 — Configure SAML in Entra ID
1. Open the Folelse application in Entra ID.
2. Click "Set up single sign on" → SAML.
3. In Basic SAML Configuration, enter the Identifier (Entity ID) and Reply URL (ACS URL) from Folelse → Settings → SSO.
4. Under Attributes & Claims, ensure the email claim maps to user.mail.
5. Download the Federation Metadata XML file.
Step 3 — Configure SSO in Folelse
1. Go to Dashboard → Settings → SSO.
2. Select "Microsoft Entra ID / Azure AD" as the provider.
3. Upload the Federation Metadata XML file downloaded from Azure.
4. Click Save and Test Connection.
5. A test login prompt appears — sign in with your Azure credentials to confirm the connection.
6. Enable SSO for all users or specific groups.
Troubleshooting SSO issues
- "User not found" error — the user's email in Folelse does not match their Azure AD UPN. Update either the Folelse user email or the Azure UPN to match.
- "Signature validation failed" — re-download and re-upload the Federation Metadata XML. The signing certificate may have rotated.
- Users redirected to error page — check that the Reply URL in Azure exactly matches the ACS URL in Folelse (including https:// and any trailing slashes).
- Existing users cannot log in after SSO is enabled — users must use the SSO login path. Share the SSO login URL from Settings → SSO with your team.