SigningHub gives you an option to authenticate yourself by using Microsoft Azure's SAML-based Single Sign-on credentials to log into SigningHub. In this case, you don't even need to have a SigningHub ID, as your Azure Active Directory account will be used for SigningHub authentication.

However, logging in through your Azure Active Directory credentials for the first time, will take you to the registration screen and display your Azure Active Directory (email address) for new registration. After registration you can easily login through your Azure Active Directory credentials. 

To configure Azure with SAML and use it in SH below steps needs to be completed 

  1. Configure Microsoft Azure 
  2. Configure SigningHub 

Configure Microsoft Azure

  1. Sign in to the Azure portal using your Azure Active Directory administrator account.
  2. Click on the "Active Directory do Azure".
  3. Click on the "Enterprise Applications" on right side.
  4. In the app gallery, you can add an unlisted app by selecting the "Non-gallery Application" tile.
  5. After entering a Name for your application, you can configure the single sign-on options and behaviour.


  1. ​​​If you are unable to add custom application, then enabled feature by click on arrow in front of "Get a free Premium trial to use this feature".


  1. Once app is successfully added, it will be appeared under "Enterprise Applications".
  2. Select your added app from the list.
  3. To start, click on Single sign-on from the application's left-hand navigation menu. The next screen presents the options for configuring single sign-on.


  1. ​​​​"Single sign-on" is disabled for logged in user for selected app than add logged in user as owner against the added app.


  1. Select this option "SAML-based Sign-on" from the drop down "Single Sign-on Mode" to configure SAML-based authentication for the application. This requires that the application support SAML 2.0. Complete the following sections to configure single sign-on between the application and Azure AD.
  2. To set up Azure AD, enter the basic SAML configuration. You can manually enter the values or upload a metadata file to extract the value of the fields.
  3. When a user authenticates to the application, Azure AD will issue a SAML token to the app that contains information (or claims) about the user that uniquely identifies them. By default, this includes the user's username, email address, first name, and last name.
  4. When you create Non-Gallery application, Azure AD will create an application-specific certificate with an expiration date of 3 years from the date of creation. You need this certificate to set up the trust between Azure AD and the application.
  5. Click on "Save" button on top.
  6. To ensure users can sign-in to SigningHub after it has been configured to use Azure Active Directory. Users must be assigned access to SigningHub in Azure AD to sign-in.
  7. To configure the application for single sign-on, scroll to the end of the SAML-based sign-on configuration page, and then click on Configure SigningHub (Name of the app).


Configure SigningHub

  1. For configuration at SigningHub go to administrator URL such as "https://admin.signinghub.com/".
  2. Create the connector by click on add icon from Configurations>Connectors.
  3. Select the provider "SAML Identity Provider" from the "Provider" drop down.
  4. Provide the necessary information such as Name, Login & Logout URL (mentioned in step 15), Binding Type (POST/Redirect define in connector), Signature algorithm (SHA1/SHA256 define in connector ), upload IDP certificate downloaded from azure mentioned in step 12 and click on Save button.


  1. Signature Algorithm will be same as set in step 12. It will be used when signed the request.SHA256 is recommended when binding type is "POST".

  1. Export the SP metadata by click on "Export SP Metadata" button, this metadata can be use in step 10.
  2. Create the authentication profile by click on add icon from Configurations>Authentication Profiles.
  3. Provide the Name, method as "SAML Authentications", Connector that is created in step 19, select logo and Save the information.
  4. Publish the changes.
  5. Access the web URL as "https://web.signinghub.com/".
  6. Click the "More Login Options".
  7. Click on authentication profile that you have created above.
  8. Provide the credentials and login here


  1. ​In order to make your Azure Active Directory application running, you need to manually update a property on the Azure Portal under the application's manifest. 

For this:

  • Click Manifest at the left pane describing your app.
  • Change the value of the oauth2AllowImplicitFlow property to True. If the property is not present, add it and set its value to true.
  • Click "Save" to save the modified manifest. 


  1. The Microsoft Azure Active Directory authentication method also supports the Single sign-on (SSO) facility. To configure this, go to the integration screen and select "Azure AD" in the "Default Authentication Method" drop down (as explained in point 6).
  2. As a part of GDPR compliance, the "Service Agreement" dialog will appear after successful user authentication. This dialog contains the links of "Terms of Service" and "Privacy Policy" pages. SigningHub will ensure that you agree to them before letting you use your account.
  3. "Service Agreement" dialog will not appear after successful user authentication, if there is none of Service Agreement marked as active.
  4. When using an on-premises installation of SigningHub and this is the only configured authentication for the end-users, then you wont need to click the "More Login Options" link to choose it. In that case, this authentication method will be invoked by default on the Login screen.
  5. Users cannot login to SigningHub if their account is disabled, marked as dormant, or temporarily locked due to multiple invalid login attempts



See Also