Skip to main content

Setting Up Single Sign-On (SSO) with Microsoft Entra ID

Thomas
Updated

Single Sign-On (SSO) lets your team access Prosper using their existing Microsoft credentials — no separate Prosper password to remember or manage. This guide walks you through connecting Prosper EX to Microsoft Entra ID (formerly Azure AD) using SAML, by exchanging configuration details between the two platforms.

Who this is for: Administrators with access to both Prosper EX and your organisation's Microsoft Entra ID (Azure) tenant

Read time: 10 minutes

What you'll be doing

Configuring SSO is a two-sided setup. You'll create an Enterprise Application in Microsoft Entra ID, then exchange a set of values between Entra ID and Prosper EX so the two systems trust each other. Once complete, your users sign in to Prosper using their Microsoft account.

The setup involves copying values in both directions:

  • From Prosper → Azure: Identifier (Entity ID) and Reply URL.
  • From Azure → Prosper: Entra Identifier, Login URL, and the Signing Certificate.

Tip: Keep both Prosper EX and Azure open in separate browser tabs throughout this process. You'll switch between them several times to copy and paste values.

Prerequisites

  • You must have Administrator permissions in Prosper EX.
  • You must have permission to create and configure Enterprise Applications in your organisation's Microsoft Entra ID tenant (typically a Global Administrator or Application Administrator role).
  • You should complete this setup during a low-traffic window, as enabling SSO changes how users sign in.

Step 1 — Open Single Sign-On in Prosper

In Prosper EX, navigate to Single Sign-On in the menu and select it.

Keep this tab open — you'll return to it to paste values from Azure.

Step 2 — Create the Enterprise Application in Azure

Step 2.1 — Log in to Azure and open Microsoft Entra ID

In another browser tab, log in to Azure and navigate to Microsoft Entra ID.

Step 2.2 — Create a new Enterprise Application

From Microsoft Entra ID, select Enterprise applications, then New application.

Step 2.3 — Create your own application

  1. Select Create your own application.
  2. Name the application PROSPER EX.
  3. Choose the option to integrate an application not in the gallery (a non-gallery application), then create it.

Step 3 — Begin SAML configuration in Azure

Step 3.1 — Go to Single sign-on

With the PROSPER EX application open, select Single sign-on from the application's left-hand menu.

Step 3.2 — Select SAML

Choose SAML as the single sign-on method.

You now have access to all the values you need to exchange between the two platforms. Follow Step 4 to complete the setup.

Step 4 — Exchange configuration values

This is the core of the setup. You'll copy values in both directions between Prosper EX and Azure.

Step 4.1 — Send Prosper's values to Azure

  1. Re-open the Prosper EX tab.
  2. Copy the Identifier (Entity ID) from Prosper and paste it into the corresponding field in Azure's SAML configuration.
  3. Copy the Reply URL from Prosper and paste it into Azure.
  4. Save the Basic SAML Configuration in Azure.

Step 4.2 — Send Azure's values to Prosper

  1. In Azure, copy the Entra Identifier and paste it into the IDP Identifier field in Prosper.
  2. In Azure, copy the Login URL and paste it into the SSO End Point field in Prosper.

Step 4.3 — Download the Signing Certificate from Azure

In the Azure tab, locate the SAML Signing Certificate section and download the Signing Certificate (the Base64 / .cer certificate).

Step 4.4 — Open and copy the certificate

Open the downloaded certificate in Notepad (or any plain text editor) and copy the entire certificate, including all the text content.

Important: Copy the complete contents of the certificate file. Depending on your Prosper field requirements, you may need to include or exclude the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- header lines — if the certificate is rejected, try the alternative.

Step 4.5 — Complete setup in Prosper

  1. Paste the certificate into the X.509 Certificate field in Prosper.
  2. Tick the Enable Single Sign-On checkbox.
  3. Select Submit.

SSO is now configured. Prosper EX and Microsoft Entra ID are connected, and the two systems trust each other for authentication.

Assigning users in Azure

Creating the application doesn't automatically grant your users access. In Azure, assign the users or groups who should be able to sign in to Prosper via SSO:

  1. Open the PROSPER EX Enterprise Application.
  2. Select Users and groups.
  3. Select Add user/group and assign the relevant users or groups.

Only assigned users (or all users, depending on your tenant configuration) will be able to sign in to Prosper through SSO.

Testing your SSO setup

Before rolling out to your whole organisation, test the connection:

  1. Open a private/incognito browser window.
  2. Navigate to your company Prosper portal URL.
  3. Confirm you're directed to the Microsoft sign-in flow.
  4. Sign in with a Microsoft account that's been assigned to the application.
  5. Confirm you land in your Prosper space.

Testing in a private window ensures you're testing the SSO flow cleanly, without an existing session interfering.

Tips and best practices

  • Set up during a quiet window. Enabling SSO changes how everyone signs in — do it when few users are active, and communicate the change in advance.
  • Test before announcing. Always run the private-window test with an assigned account before telling your organisation SSO is live.
  • Keep a break-glass admin. Make sure at least one administrator can still access Prosper if the SSO connection has an issue, so you're never locked out.
  • Match email addresses. SSO matches users between Entra ID and Prosper. Confirm the email addresses in Prosper match the Microsoft accounts your users sign in with.
  • Document your configuration. Note the values you exchanged and the date set up, in case you need to troubleshoot or reconfigure later.

Troubleshooting

Users see an error after signing in with Microsoft.
The most common cause is a mismatch between the user's Microsoft email address and their Prosper account email. Confirm the addresses match exactly.

The certificate is rejected by Prosper.
Re-download the Base64 certificate from Azure and copy the full contents again. If it's still rejected, try including or excluding the BEGIN/END CERTIFICATE header lines, and ensure no extra spaces or line breaks were introduced when copying.

Users get "not assigned to this application".
The user hasn't been assigned to the PROSPER EX Enterprise Application in Azure. Add them under Users and groups.

The sign-in loops back to the login page.
This usually points to a mismatch in the Identifier (Entity ID), Reply URL, or SSO End Point. Re-check that each value was copied correctly in the right direction between the two platforms.

SSO worked, then stopped after some time.
SAML signing certificates expire. If SSO stops working months later, check whether the Azure certificate has expired — if so, generate a new one and repeat Steps 4.3 to 4.5 with the new certificate.

I'm locked out as an administrator.
If you've enabled SSO and can no longer sign in, contact Prosper Support at support@prosperex.com.au to restore access.

Related articles

Related to

Related articles

Comments

0 comments

Please sign in to leave a comment.