Instructions for Azure (Active Directory) SAML 2.0 Single Sign On Setup

This article is an overview of the steps required to integrate ContractSafe with Active Directory hosted on Azure.  In order to set this up, you must have Admin or Account Manager access on ContractSafe and also Admin access on Azure.


1. In ContractSafe Settings, under Security & Integrations, toggle on Single Sign-On and the Settings Window will pop-up. 

Now we need to press the Generate button 

Now that the link is generated we can move to the next step

2.   Log into Azure, and navigate to Portal.  From there select Azure Active Directory.



3.  From the menu on the left, click on Enterprise Applications.  Click on New Application then Create Your Own Application:



4.   Assign a name to your application and click Create in the bottom right. 


5.  Click on Users and groups in the menu on the left, and then click on Add user/group.



6.  Click on Users - None Selected and select the users you would like to allow access from the panel on the right. Click Select when you are done.  NOTE:   Ensure that the users have Role Assigned set to User



7.  From the menu on the left click on Single sign-on, and then select SAML.  Populate the Identifier and Reply URL fields with the Saml2 Single Sign On URL from ContractSafe Settings -> Security & Integrations.



IMPORTANT:  Ensure that the claim emailaddress corresponds the value user.mail



8.  In ContractSafe Settings, under Security & Integrations: Single Sign On section, enter the word emailaddress in the Email Identifier field.



9.  Back in Azure, download the Federation Metadata XML



and upload it using the link in ContractSafe, under Security & Integrations: Single Sign On section:

You can access the application by either:

1.   Bookmarking the User access URL under Properties (in your Azure Settings)



2.  Clicking the ContractSafe App Icon from

Please reach out to for any questions.