Setting up a SAML2 IdP for the Metaverse with Entra ID
(formerly Azure AD)
Jump to:
2. Creating the SAML application
3. Configuring the application
4. Providing Hyperspace with authentication details
1. Overview
Microsoft Entra ID (Azure Active Directory or Azure AD) Single Sign-on (SSO) is an Identity and Access Management (IAM) solution that enables associates from organizations to login to the Hyperspace Metaverse Platform using their existing organization credentials.
Given a simple link to a meeting, event, training or a corporate metaverse users can join frictionlessly through one login. Immersive experiences can now be woven into the flow of work without living in an “application silo”.
2. Creating the SAML application
The following configuration can be accessed by logging in to Entra ID (Azure AD) as a Global Administrator, at https://portal.azure.com/.
First, navigate to Azure Active Directory section through the menu on the left (if it is not showing, click on the icon with three horizontal lines at the top left).
Choose Enterprise applications, in the left-hand menu.
Click on New application
Click on Create your own application
On the menu that opens on the right side of the window, give a name to the application and select the Non-gallery option, then click Create at the bottom.
It might take a minute for Azure to create the application, you will be notified once it’s done and automatically redirected to the application’s page.
3. Configuring the application
Once the application has been created, click on either Single sign-on in the left-hand menu, or on 2. Set up single sign on in the central area of the screen.
Choose SAML
Click on Upload metadata file and supply the metadata.xml file provided by Hyperspace. If you don’t have one, please get in touch with our support team.
The basic configuration will be extracted from the metadata.xml file and shown in a popup on the left side of the screen. Click Save (it will take a few seconds).
3.1 Configuring claims
To configure the claims, click on Edit in the “User attributes & Claims” section
A list of current claims will appear.
Each claim is configured separately but they all have the same structure. These configurations can be accessed by clicking on the claim. Following are the settings for each of the additional claims (no change is needed to the default required claim).
Please use the same capitalization as these instructions (for example, givenName should not be written as givenname) |
- user.givenname
- Name: givenName
- Namespace: (empty)
- Source: Attribute
- Claim source: user.givenname
- user.mail
- Name: mail
- Namespace: (empty)
- Source: Attribute
- Claim source: user.mail
- user.userprincipalname
- Name: name
- Namespace: (empty)
- Source: Attribute
- Claim source: user.userprincipalname
- user.surname
- Name: sn
- Namespace: (empty)
- Source: Attribute
- Claim source: user.surname
After this configuration, the list of claims should look like the following
You can close this section by clicking on the X icon in the top right.
4. Providing Hyperspace with authentication details
The last step in setting up the SSO integration is to provide Hyperspace with certain details of your application.
You can either download the file highlighted in red (also linked as “App Federation Metadata Url”, slightly above) and provide it to Hyperspace, or provide the fields highlighted in green .
Once setup has been completed on the Hyperspace side, you will be able to use this method to sign in on UniversalAvatars (and by extension the Hyperspace ecosystem).
Trademarks & Copyrights are property of their respective owners. Pictures are indicative only & may not reflect final production