- Arc XP Learning Center
- Products
- Arc XP administration
- Permissions
- Integrating Arc XP with Microsoft Entra ID (Azure AD)
Integrating Arc XP with Microsoft Entra ID (Azure AD)
This page explains how to integrate Arc XP with Microsoft Entra ID (Azure AD).
Note
Microsoft Azure Active Directory (Azure AD) is now known as Microsoft Entra ID.
Note
This documentation describes a third-party tool. The steps may change over time. Always refer to the tool's official documentation for the latest instructions.
How this integration works
This integrations establishes a SAML relationship between Arc XP's identity provider (Okta) and your identity provider, Microsoft Entra ID. When a user attempts to log in to Arc XP, the authentication process follows these steps:
The user navigates to the Arc XP login page.
The system redirects the user to your Microsoft Entra ID login page.
The user enters their Entra ID credentials to authenticate.
Microsoft Entra ID generates and sends a SAML assertion to Okta.
Okta verifies the authentication parameters and claims.
If valid, Okta redirects the user to the Arc XP Admin, granting access.
Prerequisites
Before you begin, you must:
Have a Microsoft Entra ID Premium subscription to create SAML 2.0 Gallery applications.
Have administrative access to your company's Microsoft Entra ID.
Understand how to configure and use Microsoft Entra ID.
Know how the login flow works for your users.
Know the groups to pass into Arc XP for permissions (you can update these later).
Sign in to the Microsoft Azure portal.
Search for and select Microsoft Entra ID.
In the left navigation panel, click Enterprise applications.
Click New application.
Search for and select Arc Publishing - SSO.
Click Create.
The values in these steps are placeholders. Contact Arc XP Customer Support to obtain the correct identifier, reply URL, and sign-on URL.
In the Arc Publishing - SSO application, click Get started under Set up single sign-on.
On the Select a single sign-on method page, select SAML.
On the Set up single sign-on with SAML page, click Edit in the Basic SAML Configuration section.
Enter the values for the following fields:
Identifier (Entity ID) -
https://www.okta.com/saml2/service-provider/[Unique ID]Reply URL (Assertion Consumer Service URL) -
https://arcpublishing-[Customer].okta.com/sso/saml2/[Unique ID]
Optionally, click Set additional URLs and enter the Sign-on URL:
https://arcpublishing-[Customer].okta.com/sso/saml2/[Unique ID]
On the Set up single sign-on with SAML page, scroll to the SAML Signing Certificate section.
Fine Certificate (Base64), and click Download.
Save the certificate on your computer.
On the Set up Arc Publishing - SSO page, copy the following details:
Login URL
Microsoft Entra ID Identifier
Logout URL
Send these details along with the downloaded SAML signing certificate to your Okta administrators.
After Arc XP confirms the setup is complete, test the login process:
Go to your Arc XP admin portal:
[orgId].arcpublishing.com.Enter your email address on the Okta login page.
The system redirects you to the Entra ID for authentication.
Log in using your Microsoft Entra ID credentials.
If successful, the system redirects you to Arc XP.
This step is required only if you plan to configure user groups in Microsoft Entra ID.
Sign in to Microsoft Entra ID as an administrator.
Navigate to Enterprise applications > All applications.
Select Arc Publishing - SSO, and click Single sign-on.
Click Edit in the Attributes & Claims section.
Delete any existing groups claims.
Click Add a group claim.
Select Groups Assigned to the application.
In Source Attribute, choose Cloud-only groups display names.
Select Customize the name of the group claim, and enter a name for the claim.
Click Save.
The updated Attributes and Claims list now displays the new group claim. Retest the login process to confirm that users and groups are correctly passed to Arc XP. See Step 5: Test the login flow.