Skip to main content
Skip table of contents

SSO Configuration Using Azure AD

Azure Active Directory Configuration


  • Log in to the Azure Active Directory admin center and navigate to Enterprise Applications.

  • Click on New Application.

  • On the Add Application page, click the Non-gallery application button.

  • In the Add your own application page, type in Gimmal Discover for the Name of the application.

  • Once the application is added, click the option to Configure single sign-on and fill in the values as shown in the screenshot below:


Identifier (Entity ID): https://discover.gimmal.cloud/Account/Login

Reply URL: https://discover.gimmal.cloud/Account/SamlConsume

Screenshot 2024-06-28 152823.png

  • Download the Certificate (Base64) only. This is found in the SAML Certificate section.

  • Open the downloaded certificate file in Notepad. You will need to save this text to add to the Discover dashboard (see below).

  • Copy the SAML2 Login URL ( App Federation Metadata URL) above , you will need this to configure in the Discover dashboard (see below).

  • Close the Configure Sign-on window and click on Users and Groups.

  • Add the users from your Azure Directory that need to be authenticated for Discover.



Discover Dashboard

  • Log in to the console using an Administrator account.

  • Click the Settings icon in the top right corner of the console and navigate to the Single Sign-on tab


  • Set the following values:

Enable single sign-on: check the box for Main Login
Identity Provider Endpoint: Paste the SAML Single Sign-on Service URL copied from the Azure AD portal
Certificate: Edit the Base64 certificate downloaded from Azure AD in a text editor, copy the entire certificate text (including the BEGIN CERTIFICATE and END CERTIFICATE lines), and paste it into this field.

Base URL for SSO: although it says 'optional' we recommend setting this value to: discover.gimmal.cloud

  • Click the Save button to update the settings.

Login Instructions

To login to Discover using Single Sign-on, on the login page:

Click the Use Single Sign-on link



Enter a valid Customer ID then click Login.


If the user's Azure credential is cached in the browser, the user will be logged in. If not, they will be redirected to the Microsoft 365 login page, prompted to enter their credentials, then logged into Discover following successful authentication.


Checking the Force SAML Authentication box will ignore any cached credentials and force the user to reenter their Azure AD login information.

Requiring SSO Authentication

It is possible to limit a user to SSO login only. To implement this restriction, click on the Administration module link at the top of the dashboard, select a user in the left navigation panel then edit the user and check the SSO Only Login box as shown below:

Screenshot (288).png

When this option is set, the user will still be prompted to enter a Customer ID and User ID, but will never receive the password login prompt. Instead, they will be redirected to the SSO provider.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.