All Collections
Azure AD SAML SSO configuration
Azure AD SAML SSO configuration

Better manage team access with Single Sign-On (SSO) and SCIM Provisioning functionality through Azure AD.

Drew Woods avatar
Written by Drew Woods
Updated over a week ago

We use SAML (Security Assertion Markup Language), a standard that permits Azure AD to safely pass authorization credentials to service providers like Rewatch.

Azure AD setup

These are instructions for setting up Rewatch SAML SSO with Azure AD.

Setup the Rewatch app in Azure AD

  • In the Azure AD portal, select Enterprise applications from the left-side nav.

  • Next, select All Applications in the left side nav, and click the New application button above the application list.

New application

  • Type Rewatch In the search box

  • Select the Rewatch application from the results.

  • Click the Create button.

  • When the application finishes creating, click Single sign-on in the left-side nav. Under Select a single sign-on method, select SAML.

Select SAML

  • If prompted to to Save single sign-on setting, click Yes

  • If prompted to test single sign-on, click No, I'll test later

  • Click Download next to Certificate (Base64) in the SAML Signing Certificate box. You will need this to setup the SAML configuration in Rewatch.

  • Copy the Login URL under the Set up Rewatch box. You will need this to setup the SAML configuration in Rewatch.

Rewatch setup

On the Rewatch channel admin page, click on the Security link in the sidebar.

SAML channel settings

Paste the Login URL from Azure AD into the IdP SSO target URL field and paste the contents of the certificate you downloaded into the IdP Certificate field. Then, set the email domains that will redirect to your SAML provider on login. Finally, check Enable Saml login for this channel. Click Save.

You can then test the SAML integration by clicking the Test SAML button. If you login via SAML with the same email as your current admin user account, you will maintain the same admin privileges. Once logged in via SAML, you can enable Enforce SAML-only logins for this channel.


While SAML will automatically update user information whenever they log in, you can additionally setup SCIM to automate deprovisioning and group membership updates immediately after you make these administrative changes. We currently do not support SCIM integration with Azure AD

Did this answer your question?