1 In Azure Portal: Go to Microsoft Entra ID > Enterprise Applications > New Application

2 Click "Integrate any other application (Non-gallery)"

3 Name the application: "Prodoscore-SAML-SSO" or similar

4 Click "Create"

5 In the app overview, click "Single sign-on"

6 Select "SAML" as the single sign-on method

1 On the SAML page, click "Edit" (next to Basic SAML Configuration)

2 Fill in the following:

• Identifier (Entity ID): https://auth.ag.prodoscore.com/realms/prodoscore-prod
• Reply URL (Assertion Consumer Service URL): https://auth.ag.prodoscore.com/realms/prodoscore-prod/broker/[yourdomain]-azure-ad/endpoint

Replace [yourdomain] with your Prodoscore workspace name (e.g., if your Prodoscore URL is acme.ag.prodoscore.com, use "acme")

3 Leave Sign-on URL and Logout URL blank (optional for SAML)

4 Click "Save"

1 Click "Edit" (next to Attributes & Claims)

2 Find the "Unique User Identifier" row

3 Click to edit and set the value to "user.mail" (this uses the user's email address as the unique identifier)

4 Click "Save"

1 Back on the SAML page, look for "SAML Certificates" section

2 Copy the "App Federation Metadata URL" (looks like https://login.microsoftonline.com/[tenant-id]/federationmetadata/2007-06/federationmetadata.xml)

1 In the app, go to "Users and groups"

2 Click "Add user/group"

3 Select which users or groups should have access to Prodoscore via SSO

4 Click "Assign"

1 Email the SAML Metadata URL to Prodoscore support at support@prodoscore.com

2 Include your Prodoscore workspace URL (e.g., acme.ag.prodoscore.com)

3 Prodoscore support will configure SSO on their side and confirm when it's active

1 Go to your Prodoscore login page (https://[yourworkspace].ag.prodoscore.com)

2 Click "Sign in with SSO" or the Entra/Microsoft button (if available)

3 You are redirected to Microsoft Entra login

4 Enter your corporate email and password (same as your Office 365 or Windows login)

5 If successful, you are signed into Prodoscore with no additional password needed