This guide is for your IT team. It explains how to register Social Champ as a SAML application in Microsoft Entra ID (Azure AD) and what values to exchange between Azure and SocialChamp.
Note: The URLs below contain a workspace ID that is unique to your workspace.
Always copy the exact values from your own Social Champ panel at
Settings → Organization → Security → SSO → “Social Champ SAML Values”.
1. Values to enter in Azure AD
When you create the Enterprise Application in Azure and open Single sign-on → SAML,
ll in the Basic SAML Configuration with these SocialChamp values:
The values below are samples to show the format only. Copy your real values from
Settings → Organization → Security → SSO → “Social Champ SAML Values” — they end in your own workspace ID.
| Azure AD field | Sample value (format) |
| Identi er (Entity ID) | https://www.socialchamp.com/auth/sso/saml/metad ata/<your-workspace-id> |
| Reply URL (Assertion Consumer Service URL) | https://www.socialchamp.com/auth/sso/saml/acs/< your-workspace-id> |
| Sign on URL | (leave blank — login is started from SocialChamp) |
| Logout URL | (leave blank — see section 4) |
Tip: Instead of typing the identifier and reply URL by hand, you can import the
Metadata URL below in Azure (Upload metadata file → paste the URL):
https://www.socialchamp.com/auth/sso/saml/metadata/<your-workspaceid>
2. Name ID
| Setting | Value |
| Name ID format | Email address ( urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress ) |
| Source attribute | user.mail (or user.userprincipalname if that is the user’s email) |
The Name ID must be the user’s email address. SocialChamp matches users by email, so this is the most important value.
3. Attribute mapping (claims)
Required — Email
The user’s email is the only required value. Azure AD sends it by default, so usually no custom mapping is needed. SocialChamp accepts the email from any of the following,
in order:
1. The Name ID (when it is in email format — see section 2), or
2. The claim
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
(Azure’s default, mapped to user.mail ), or
3. A claim simply named email or mail .
Optional — Display name
Used to pre- fill the user’s name when their SocialChamp account is created on rst login.
| Claim name | Source attribute |
| displayName (or name) | user.displayname |
Important: SocialChamp uses a single combined display-name attribute. It does not read separate givenName / surname claims. If no display name is sent, SocialChamp falls back to the part of the email before the @ .
4. SAML Logout URL
Not required. SocialChamp does not currently use SAML Single Logout (SLO).
Leave the Logout URL blank in Azure.
5. Signing requirements
| Requirement | Detail |
| Assertion signing | Required. SocialChamp requires the SAML assertion to be signed
( WantAssertionsSigned = true ). Azure AD signs assertions by default – just confirm signing is enabled. |
| Request signing | Not needed. SocialChamp does not sign its authentication requests, so no SP signing certificate is required on your side. |
6. Values to send back to SocialChamp
Once the Azure Enterprise Application is configured, collect these from Azure
(Single sign-on → SAML page) and enter them in SocialChamp under
Settings → Organization → Security → SSO → SAML Configuration:
| Social Champ Field | Where to find it in Azure |
| SSO URL | “Login URL” |
| Entity ID | “Microsoft Entra Identifier” (IdP Issuer) |
| X.509
Certificate |
Download the Certi cate (Base64) from the “SAML Signing Certi cate” section and paste its contents |
| Company Domain | Your company email domain, e.g. acme.com |
7. Test and enable
- In SocialChamp, click Test Connection to verify the configuration.
- When the test passes (green status), turn on the Enable SSO toggle.
- (Optional) Turn on Enforce SSO-only login to require everyone on your company domain to sign in via SSO and block password login.
Need help?
Contact support@socialchamp.com and include:
- Your company domain
- That you are using Microsoft Entra ID (Azure AD)
- A screenshot of any error
In this guide, we’ll walk you through setting up 2FA to enhance the security of your account. With 2FA, you'll Read more