Microsoft Entra SAML SSO

Microsoft Entra (formerly Azure) is an Identity Provider (IdP) that enables secure single sign-on (SSO), allowing your company’s users to access multiple applications with one login.

With Security Assertion Markup Language (SAML) SSO, employees sign in once using their company credentials (typically email and password). The IdP, such as Microsoft Entra, verifies their identity and grants seamless, secure access to all connected services, without requiring separate logins for each application.

Company owners or IT administrators can link their organization’s email domain (e.g., @mycompany.com) to the IdP so that anyone with a company email address is automatically recognized and can securely sign in to SAML-enabled tools.

Using Kinsta SAML SSO, you can connect Microsoft Entra to MyKinsta by creating a SAML application within Microsoft Entra, verifying your company’s email domain, and adding the required Microsoft Entra details in MyKinsta. This allows your team to log in with their existing company credentials, eliminating the need to create or manage separate MyKinsta accounts.

Enable SSO in MyKinsta

When you set up SAML SSO, you can click Save and exit setup at any stage to store your progress and return later.

In MyKinsta, go to your username > Company settings > Single sign-on, and click Enable.

Enable SSO in MyKinsta.

Read through the introduction, which explains how SSO will be set up, and click Continue.

Introduction to the steps required to set up SSO.

The next page provides all the information you need to set up your SAML app within Microsoft Entra.

Set up the app integration in Microsoft Entra

In MyKinsta, the Create SAML app tab provides all the information you need to set up your SAML app within Microsoft Entra. The following steps explain where to add this information.

Information to create the SAML app at Microsoft Entra.

Log in to Microsoft Entra as a user with admin access, and within the Microsoft Entra admin center, click Entra ID > Enterprise applications > New application.

Create a new application in Microsoft Entra.

Click Create your own application, enter a name for your application, for example, MyKinsta Dashboard, and click Create.

Create your own application in Microsoft Entra.

Once the application is created, click Single sign-on and select SAML.

Select SAML as the sign-on method for your Microsoft Entra app.

Within Basic SAML Configuration, click Edit.

Edit the basic SAML configuration in your Microsoft Entra app.

Complete the Basic SAML Configuration in Microsoft Entra as follows:

  • Identifier (Entity ID): Click Add identifier and then copy and paste the Entity ID from MyKinsta.
  • Reply URL (Assertion Consumer Service URL): Click Add reply URL and then copy and paste the SSO/ACS URL from MyKinsta.
  • Sign on URL: Copy and paste the Start URL from MyKinsta.

Leave all other fields as default and click Save.

Complete the Basic SAML Configuration with the information from MyKinsta.

Within Attributes & Claims, click Edit.

Edit the Attributes & Claims in Microsoft Entra.

Select the givenname claim, change the Name and Namespace to firstName, and click Save.

Update the givenname claim in Microsoft Entra.

Select the surname claim, change the Name and Namespace to lastName, and click Save.

Update the surname claim in Microsoft Entra.

Select the emailaddress claim, change the Name and Namespace to email, and click Save.

Update the email claim in Microsoft Entra.

Remove any other claims so the Attributes & Claims shows as follows:

Microsoft Entra Attributes & Claims.

You now need to set up the SAML app within MyKinsta.

Kinsta setup

In MyKinsta, on Create SAML app, click Continue so that you are on the Kinsta setup page.

Email domain

In the Domain name, enter the email domain users will use to sign in using SAML SSO, and click Add domain.

Only MyKinsta accounts with an email address matching the verified domain can authenticate via SAML. For example, if SAML is enabled for example.com, only users with an @example.com email address will be able to sign in for that company.

If the domain has already been verified in MyKinsta through DNS management or as a site domain, it will automatically be verified. If it hasn’t, you’ll be prompted to add a TXT record to your DNS management service to confirm domain ownership.

Add the TXT record to your DNS to verify ownership.

Because DNS changes can take time to propagate, you can click Save and exit setup to store your progress and return later.

Set up Kinsta SAML

In Microsoft Entra, go to Enterprise apps, select the application you set up for the MyKinsta Dashboard, and click Single sign-on.

In MyKinsta, within the Single sign-on Kinsta setup tab, complete the fields as follows:

  • SSO URL: Copy and paste the Login URL from the Set up MyKinsta Dashboard section in Microsoft Entra.
  • Entity ID: Copy and paste the Microsoft Entra Identifier from the Set up MyKinsta Dashboard section in Microsoft Entra.
Microsoft Entra SSO URL and Entity ID for MyKinsta.
  • Public certificate: In Microsoft Entra, within SAML Certificates, click Download on Certificate (Base64). Open this file in any text editor, and copy and paste the contents into MyKinsta.
Download the certificate from Microsoft Entra.

Click Continue.

Enter the required information from the IdP to set up Kinsta SAML.

Assign users to the Microsoft Entra app

In Microsoft Entra, go to Enterprise apps, select the application you set up for the MyKinsta Dashboard, click Users and groups, and then click Add user/group.

Add users/groups to the app in Microsoft Entra.

Click None selected, select the users or groups you want to grant MyKinsta access via SSO, and then click Select.

Select the required users or groups within Microsoft Entra.

Click Assign and then click Assign to People. If you have your users set up in groups, click Assign to Groups. Click Assign on each user or group you want to assign to the Kinsta SAML SSO application and then click Done.

To test authentication, make sure the MyKinsta user account you’re signed in with is assigned.

Test the authentication in MyKinsta

You cannot enable SAML SSO within MyKinsta without first testing the authentication.

In MyKinsta, within the Single sign-on Test and finish tab, click Test authentication.

Test the SAML authentication within MyKinsta.

A notification appears to tell you whether the test succeeded or failed.

If the test fails, click Back and check your SAML settings within Microsoft Entra and within MyKinsta.
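To narrow down a failed test, the following Python function (an added example, not Kinsta's or Microsoft's code) compares a decoded SAML response captured from your own test sign-in against the values entered during setup and lists every mismatch. The sample response, its URLs and the name check_response are constructed for illustration; the mapping of Destination, Issuer and Audience to the setup fields follows standard SAML 2.0, and the function compares fields only, without verifying the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_CLAIMS = {"firstName", "lastName", "email"}  # claim names from the steps above
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"

# Constructed sample (not a real response): every URL and value is a placeholder.
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}"
    Destination="https://sp.example.test/acs">
  <a:Assertion>
    <a:Issuer>https://idp.example.test/tenant-placeholder/</a:Issuer>
    <a:Conditions><a:AudienceRestriction>
      <a:Audience>https://sp.example.test/entity</a:Audience>
    </a:AudienceRestriction></a:Conditions>
    <a:AttributeStatement>
      <a:Attribute Name="firstName"><a:AttributeValue>Ada</a:AttributeValue></a:Attribute>
      <a:Attribute Name="lastName"><a:AttributeValue>Byron</a:AttributeValue></a:Attribute>
      <a:Attribute Name="email"><a:AttributeValue>ada@example.com</a:AttributeValue></a:Attribute>
      <a:Attribute Name="{CLAIMS_NS}/name"><a:AttributeValue>ada@example.com</a:AttributeValue></a:Attribute>
    </a:AttributeStatement>
  </a:Assertion>
</p:Response>"""

def check_response(xml_text, sp_entity_id, acs_url, idp_entity_id, email_domain):
    """Return a list of mismatches between a decoded SAML response and the setup values."""
    root = ET.fromstring(xml_text)  # troubleshooting only: the signature is NOT verified
    problems = []
    issuer = root.findtext("a:Assertion/a:Issuer", namespaces=NS)
    audience = root.findtext(".//a:AudienceRestriction/a:Audience", namespaces=NS)
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the SSO/ACS URL")
    if issuer != idp_entity_id:
        problems.append("Issuer does not match the Microsoft Entra Identifier")
    if audience != sp_entity_id:
        problems.append("Audience does not match the Entity ID")
    # Entra emits a claim as "<namespace>/<name>" when a namespace is set,
    # so claims are compared on the last path segment of the attribute name.
    claims = {}
    for attr in root.iterfind(".//a:AttributeStatement/a:Attribute", NS):
        claims[attr.get("Name", "").rsplit("/", 1)[-1]] = attr.findtext(
            "a:AttributeValue", default="", namespaces=NS)
    for name in sorted(EXPECTED_CLAIMS - set(claims)):
        problems.append(f"missing claim: {name}")
    for name in sorted(set(claims) - EXPECTED_CLAIMS):
        problems.append(f"unexpected claim: {name}")
    if "email" in claims and claims["email"].rpartition("@")[2].lower() != email_domain.lower():
        problems.append("email claim is outside the verified domain")
    return problems
```

Run against the constructed sample with matching setup values, it reports only the leftover default name claim, which is the kind of entry the "Remove any other claims" step is meant to clear.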

If the test is successful and you want to enable SAML, click Save and set changes live.

Your MyKinsta company users will now be able to sign in with SAML SSO or by entering their username and password. Users who sign in through an IdP are not required to complete Kinsta’s 2FA, as authentication is handled directly by the IdP.

If you want to force users to sign on via SAML, you can enable Mandatory SSO and add Exceptions. You can also enable JIT provisioning to allow users authorized by your IdP to access your MyKinsta company without requiring an invitation.

Sign in to MyKinsta with SAML SSO.

Change the session duration

The SSO session duration and expiration are controlled by your identity provider (IdP). For information about how to change this in Microsoft Entra, refer to the Microsoft Entra Documentation.
