In this article we will outline setting up Microsoft Azure AD as a SAML Identity Provider so that we can utilize Telnyx's Single Sign-On feature. The Microsoft Azure AD platform is Microsoft's enterprise cloud-based identity and access management (IAM) solution. It is one of the many SAML providers that Telnyx supports for our SSO feature.
NOTE: If you experience technical difficulties while attempting to set up your MS Azure AD SSO with Telnyx, it's possible your provider is experiencing outages/maintenance. You can check the status of Azure's features at
To begin, navigate to your Microsoft Azure Admin portal, which can be found at https://portal.azure.com/#home. Click on the sidebar to the left and click on Azure Active Directory.
You will be redirected to the Active Directory page. Click on Enterprise Applications in the side-bar menu to the left.
Click on the "New Application" option in the top left of the following page, and on the Browse AD Gallery menu search for "azure ad saml toolkit". Click on the result and fill in a name of your choice into the field within the pop-out. Click the blue Create button at the bottom of the pop-out.
On the new application page, click on the "Set up single sign on" card within the Getting Started section.
You will be presented with various options on the next page; select the "SAML" card to proceed to the configuration section. From here, copy the App Federation Metadata URL and the Thumbprint from card 3.
Next, navigate to your Organization section of the Telnyx Mission Control Portal and create an Organization if you have not already. Once created, navigate to the Single Sign-On section of the portal and click the green Enable Single Sign-On button.
You will be presented with the following fields:
Fill in the Authentication Provider Name and Short Name with the values you desire. Please note that the Short Name will be part of the SSO URLs.
For the IdP Metadata URL, paste the App Federation Metadata URL we copied from the MS Azure Admin.
Click on Import IdP Settings & Save. Once saved, your authentication provider settings should automatically fill in, with the exception of the IdP Certificate Fingerprint. Replace the "not found" within this field with the Thumbprint we copied earlier from the Azure Admin portal. Click Save Changes.
After saving, scroll down to the bottom of the page and take note of the values for Assertion Consumer Service URL, Service Provider Entity ID, and Name Identifier Format.
Navigate back to the Azure AD portal, and click the Edit option in the top right corner of card 1 (Basic SAML Configuration).
Remove the default value for Identifier (Entity ID) (something like https://samltookit.azurewebsites.net) by clicking the trash icon.
Use the value generated for Service Provider Entity ID on the Telnyx Mission Control Portal and paste it in the field Identifier (Entity ID).
Use the value generated for Assertion Consumer Service URL on the Telnyx Mission Control Portal and paste it in the field Reply URL (Assertion Consumer Service URL).
Copy "https://api.telnyx.com/sso/saml/login/YOUR_SHORT_NAME" into the field Sign on URL.
For the Relay State field, fill in the following URL: https://portal.telnyx.com/
Click Save to finalize your configuration settings. When you are ready to enable your SSO configs, navigate back to the Telnyx Mission Control Portal and check the "Enable Single Sign-On" box. Click Save Changes.
Your chosen settings are now in effect! This will send all users in your organization an email informing them that SSO is now enabled. Your users will still be able to log in using username/password for the next 72 hours. After that, they will be required to use SSO.
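A check for the Thumbprint step above, as an added example that is not part of the original article and is not Telnyx or Microsoft code: it recomputes the SHA-1 thumbprint of each signing certificate in SAML federation metadata and compares it with the value copied from the Azure portal, so a mistyped or stale fingerprint is caught before SSO is enforced. The sample metadata and certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.invalid/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def normalize(fingerprint: str) -> str:
    """Drop separators and case so 'ab:cd', 'AB CD' and 'ABCD' compare equal."""
    return fingerprint.replace(":", "").replace(" ", "").replace("-", "").upper()


def signing_thumbprints(metadata_xml: str) -> list[str]:
    """Return the SHA-1 thumbprint (uppercase hex) of every IdP signing certificate."""
    root = ET.fromstring(metadata_xml)
    prints = []
    for kd in root.findall("./md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") == "encryption":
            continue  # only signing (or unspecified-use) keys verify assertions
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.append(hashlib.sha1(der).hexdigest().upper())
    return prints


def thumbprint_matches(metadata_xml: str, portal_thumbprint: str) -> bool:
    """True when the pasted thumbprint belongs to a signing cert in the metadata."""
    return normalize(portal_thumbprint) in signing_thumbprints(metadata_xml)


if __name__ == "__main__":
    print(signing_thumbprints(SAMPLE_METADATA))
```

To use it on a real tenant, save the XML served at the App Federation Metadata URL to a file and pass its contents together with the Thumbprint shown on card 3.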