Pricing
Download
Log in
Jobs
Sign up

Learn

Docs
Changelog
Blog
Pair programming guide
Distributed Podcast

Integrations

Slack
Google Calendar
Apple Calendar
Triggers

SSO Guide · Microsoft Entra ID

A guide for Tuple customers who want to use SAML SSO with Microsoft Entra ID (formerly Azure AD) as the Identity Provider.

Email addresses for users in Microsoft Entra ID and on Tuple must match exactly. For example, dev+tuple@company.com will not match dev@company.com. Please ensure your team's email addresses are correct before you enable the SSO integration.

Step 1 - Create Enterprise Application

Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.

Navigate to Identity > Applications > Enterprise applications and click New application. Then click Create your own application.

Enter “Tuple” as the application name, select Integrate any other application you don’t find in the gallery (Non-gallery), and click Create.

Step 2 - Assign Users

Before configuring SSO, assign the users who need access to Tuple. In your new Tuple application, go to Users and groups and add the users or groups that should have SSO access.

Step 3 - Configure SAML

In your Tuple application, navigate to Single sign-on in the left sidebar and select SAML as the sign-on method.

Click Edit on the Basic SAML Configuration card and fill in the following fields:

Identifier (Entity ID)

https://production.tuple.app/users/saml/metadata

Reply URL (Assertion Consumer Service URL)

https://production.tuple.app/users/saml/auth

Click Save.

Step 4 - Configure Attributes & Claims

Click Edit on the Attributes & Claims card. You need to add two custom claims so that Tuple receives the user’s first and last name.

Click Add new claim and create each of the following:

NameSource attribute
first_nameuser.givenname
last_nameuser.surname

Leave the Namespace field empty for both claims.

Tuple also reads email from the SAML response. The default claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress mapped to user.mail will work automatically — no changes needed.

Step 5 - Setup SAML in Tuple

On the SAML Certificates card, download the Certificate (Base64) file.

Then, in the Set up Tuple card, copy the following values:

  • Login URL — this is your IdP authentication URL
  • Microsoft Entra Identifier — this is your IdP entity ID

Navigate to the Settings tab of the team management dashboard. Note: Only Team Owners have access to this page, so you will need to be Team Owner to access this page. If you need to find out who the Team Owner for your team is, view your profile.

Toggle to Enable SAML, and the configuration form will be revealed:

Create Tuple configuration

Fill in the values with your metadata:

  • IdP entity ID — your Microsoft Entra Identifier
  • IdP authentication URL — your Login URL
  • Certificate — the downloaded Base64 certificate file

Press “Save Configuration” to turn on SAML for your team. Once SAML is enabled, any active Tuple sessions will persist, but any new logins will be forced to authenticate using Microsoft Entra ID. Log in here to verify that it’s working.