Note: You must have the owner or admin role in Donna to be able to configure SAML SSO.
To configure SAML SSO, go to https://app.askdonna.com and log in using Google OAuth, Microsoft OAuth or a magic sign-in link.
Go to Settings, Security and click on Configure next to SAML SSO.
Go to https://portal.azure.com/ and log in to Microsoft Azure. Go to the Microsoft Entra ID service and in the menu click on Enterprise applications.
Click on New application.
Click on Create your own application.
Enter a name (Donna SSO), select Integrate any other application you don't find in the gallery (Non-gallery) and click on Create.
In the menu, click on Single sign-on.
Click on SAML next.
Click Edit next to Basic SAML Configuration.
Click Add identifier below Identifier (Entity ID).
Copy the SP Entity ID from the Donna SAML SSO Configuration dialog and paste it in the Enter an identifier field.
Click Add reply URL below Reply URL (Assertion Consumer Service URL).
Copy the ACS URL from the Donna SAML SSO Configuration dialog and paste it in the Enter a reply URL field.
Click Save.
Click No, I’ll test later if the Test single sign-on dialog appears (and do the same any time the dialog appears).
Click Edit next to Attributes & Claims.
Click on Unique User Identifier (Name ID).
Ensure Name identifier format is set to Email address.
Set Source attribute to user.mail.
Click Save.
Click on SAML-based Sign-on to go back.
Click No, I’ll test later if the Test single sign-on dialog appears.
On the Donna SAML SSO Configuration dialog, click Next to go to the next step.
In the section SAML Certificates next to Token signing certificate, click Edit.
For Signing Option, select Sign SAML response and assertion.
Click Save.
(Optional) In the section SAML Certificates next to Verification certificates (optional), click Edit.
(Optional) Check the box next to Require verification certificates.
(Optional) From the Donna SAML SSO Configuration dialog, download the Signing certificate as .cer.
(Optional) In Microsoft Entra ID, click Upload certificate and upload the Donna Signing certificate.
(Optional) Click Save.
(Optional) In the left sidebar menu, click on Token encryption.
(Optional) From the Donna SAML SSO Configuration dialog, download the Encryption certificate as .cer.
(Optional) In Microsoft Entra ID, click Import Certificate and upload the Donna Encryption certificate.
(Optional) Click on the three dots in the table and click on Activate token encryption certificate and click Yes.
(Optional) In the left sidebar menu, click on Single sign-on.
In the section SAML Certificates, click the copy button next to the App Federation Metadata Url.
Paste the App Federation Metadata Url in the Donna Metadata URL field and click Verify.
Select the email domains that are allowed to use the SAML SSO and click Save.
The SAML SSO configuration is now completed.
To enable the SAML SSO login method, click on the switch next to the Edit configuration button and click on Save. The SAML SSO login method is now enabled.
Note: When you disable and enable the SAML SSO login method, you will not lose the SAML SSO configuration.
Go to https://app.askdonna.com
Click on Sign in with SSO.
Enter your email address and click Continue. You will be redirected to Microsoft.
Log in to Microsoft and complete the Microsoft login process. After completing the Microsoft login process, you will be redirected back to Donna and be automatically logged in.
Make sure to test the SAML SSO login method before disabling other login methods!
In Donna, go to Settings, Security and disable other login methods you would not like your users to use and click on Save. Disabling other login methods allows you to require all users to log in with SAML SSO.