Microsoft Azure IdP SSO Integration Guide

Created by Jason Carreiro, Modified on Thu, 21 Jul 2022 at 10:35 AM by Marc Chouinard


Proofpoint Essentials supports integration with Identity Providers for authentication adhering to Security Assertion Markup Language (SAML) standards. Multiple identity providers for an organization are fully supported.

Proofpoint Essentials supports single sign-on (SSO) via Security Assertion Markup Language. When working with an external IdP, it can be set up as your identity provider (IdP) for SSO to Proofpoint Admin Console.

Microsoft Azure Active Directory SAML/SSO Configuration

  1. Navigate to Administration > Account Management > Identity Providers.

  2. At the top right-hand corner, click Add Identity Provider.

  3. In the New Identity Provider dialog panel, add a meaningful name and description to the Identity Provider. The given name will display on the Identity Provider button on the main login screen.


  4. In the Icon section, select the appropriate icon according to your desired integration. (Microsoft)

  5. Click Next.

Configuring SAML/SSO In Azure Portal

  1. Log into Microsoft Azure portal as administrator.

  2. Go to Azure Active Directory > Enterprise applications.

  3. Click New Application then Create your own application.

  4. Give your app a name and select Integrate any other application you don't find in the gallery (Non-gallery).


  5. Click Create.

  6. Navigate to Properties.

  7. Change Assignment required? to No and save. If this option is set to yes, then users and other apps or services must first be assigned this application before being able to access it.


  8. Go to Single sign-on > SAML and edit Basic SAML Configuration.

  9. Copy and paste the values from Proofpoint Essentials Identity Provider setup into the Basic SAML Configuration fields.

    Microsoft Azure

    Proofpoint Essentials

    Identifier (Entity ID)Entity ID

    Reply URL (Assertion Consumer Service URL)

    Login URL

    Sign on URL (Optional)Login URL
    Logout Url (Optional)Logout URL
  10. Click Save and Close panel.

  11. On the same page, under SAML Signing Certificate click Edit.


17. Change Signing Option to Sign SAML response and assertion


18. Click Save and Close panel.

19. Next, download Certificate (Base64).

20. Under step 4, copy and paste the values into Proofpoint Essentials Identity Provider setup:

Microsoft Azure

Proofpoint Essentials

Azure AD Identifier

Identity Provider Single Sign-On URL

Login URL

Identity Provider Login URL

Logout URL

Identity Provider Logout URL

Certificate from Step 11

Identity Provider X.509 Certificate


21. Click Enable Single Sign-On. When enabled, the Identity Provider Sign in with button will display on main login screen.

22. Click Save and Close.