Prerequisites:

Your account must have a verified domain in order to set up and enable SSO. Review this article for instructions on verifying your domain.

You will need the following information from your IdP:
– Sign In URL
– X.509 Signing Certificate

How to set up SAML SSO for Microsoft Azure AD

1. Login to Microsoft Azure.

2. Go to Azure AD.

3. Select Enterprise Applications.

4. Click New Application.

5. Search for Nitro.

6. Select Nitro Productivity Suite.

7. Open this article on Azure AD SSO Integration with Nitro in another tab.

8. Click Add and continue with the instructions above.

9. After completing the setup on Azure, toggle Enable Single Sign-Onto Enabled.

Set up SAML SSO

1. Once you have verified your domain, select Single Sign-On from the left-and menu in Nitro Admin.

2. Click the Setup SAML SSO button.

3. Enter your IdP’s SignInURLand upload the x.509 Signing Certificate from your IdP. The x.509 Signing Certificate should be base 64 encoded and in a .ceror .pemformat.

4. When these have been submitted successfully, you will be provided with the SAMLEntity ID and ACS URL. Add these to your IdP

5. Nitro requires the SAML assertion to contain NameID, email, given_name, family_name and employeeNumber of a user:

NameID must be set to email address.
employeeNumber can be any value that is unique for a user. E.g. for Okta: user.id. Note, if there is no obvious unique ID value, use email address instead.
Please note the UI for adding custom attributes will vary depending on the identity provider in use. See example assertions from Okta, Azure AD below.

Enable SSO in Nitro Sign

After completing the SAML SSO setup, toggle Enable Single Sign-On to Enabled.

Additional resources:

Want to know more? Head over to the Nitro Sign User Guide for more information.

Nitro Sign User Guide