This guide explains how to set up SAML-based Single Sign-On (SSO) between Entra ID (formerly called Azure Active Directory) and Harvestr.
✅ Prerequisites
To set up SSO with Azure AD, you must:
Be an Azure AD administrator
Have a Harvestr account with Editor rights
Use a Harvestr Elite plan
Step 1 — Add Harvestr as a new enterprise application
Go to the Microsoft Entra admin center: https://entra.microsoft.com
In the left sidebar, select Applications > Enterprise applications
Click + New application
Select Create your own application
Name it Harvestr, choose Integrate any other application you don’t find in the gallery (Non-gallery)
Click Create
Step 2 — Configure SAML-based SSO
Once the Harvestr app is created, go to Single sign-on
Choose SAML as the sign-on method
Under Basic SAML Configuration, click Edit and enter the following values:
Field | Value |
Identifier (Entity ID) |
|
Reply URL (Assertion Consumer Service URL) |
|
Sign on URL (optional) |
|
Click Save
Step 3 — Set up User Attributes & Claims
Make sure the following claims are configured:
Claim Name | Value |
| |
firstName |
|
lastName |
|
These fields allow Harvestr to auto-provision user profiles on first login.
Step 4 — Download your SAML certificate and metadata
In the SAML Signing Certificate select Download for Certificate (Raw) to download the SAML signing certificate.
Return to the SAML SSO section of your Harvestr organization settings. Click on Enable and force SAML authentication for your organization.
Paste the IDP metadata from previous step 8 and select Enable and force SAML authentication.
Step 5 — Test the SSO connection
Once the Harvestr team confirms SSO is configured on our side:
Assign yourself (and/or your team members) to the Harvestr enterprise app in Azure AD
Navigate to
https://app.harvestr.io/sso/saml/login
to test the loginYou should be redirected to the Azure login page, then into Harvestr
Need help?
If you run into any issues or have questions about your Entra ID configuration, feel free to contact us via our support chat.