Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Paste this URL into your browsr:

    1. Cloud Customers:{t} - replace {t} with the tenant id name of your

      Azure SAML tenant - Ex; azuread

    2. On-premise customers: http://<server>:<port>/frevvo/web/saml/metadata/alias/{t} - replace <server> with the ip of your server, <port> with the port number (if applicable) and t with the name of your frevvo tenant id).

  2. When the metadata displays, right click and select the browser option to View the Page source.
    Image Removed


    save the page as an xml file.

    Image Added

  3. We will need to copy the entire metadata from this file to the Azure SAML Security Manager configuration screen.
  4. Metadata must be generated for each Azure SAML tenant. Each tenant will have a unique URL.


  1. Browse the azure tenant (IdP) metadata at:{azure-tenant-name}/FederationMetadata/2007-06/FederationMetadata.xml - replace {azure-tenant-name} with the id of your

     application in the Azure Active Directory. This can be obtained by viewing the endpoint URLS listed when you click Endpoints in your frevvo Azure application. In this example, fece6b7e-fbc6-4b3a-8287-fc07c29aa2d2 is the application id in Azure Active Directory.

    Code Block
  2. Copy the source of the IDP metadata XML and save it Save all the metadata returned as an xml file.  We will need to copy the entire metadata from this file to the Azure SAML Security Manager configuration screen.

Step 4 - Create/edit the Azure SAML tenant


  • Clicking the logout link in
    , logs the user out from
  • When a user logs in to space, the logout link will not be visible in an Azure AD (SSO) tenant.
  • When a user logs in to
    (non-space mode), the logout link will  be visible in an Azure AD (SSO) tenant.


Azure SAML Tenant backdoor admin user

Just a reminder that the tenant admin account can login directly into Live Forms or use the Azure SAML login.

When you create a new tenant you are prompted to set up a tenant admin user id and password. This tenant admin does not authenticate via your Azure SAML IDP. It only exists in Live Forms. If you experience an issue with your Azure SAML configuration such that you can't login as an Azure SAML authenticated user, this account provides a backdoor you can use to login to your tenant as a tenant admin in order to fix your Azure SAML configuration issue. Only one backdoor tenant admin account is supported.

Image Modified

If your tenant originally used the Default Security Manager and then you changed to the Azure SAML Security Manager, this tenant admin account has already been setup. If you have forgotten the password, you can change it by :

  • Using the Live Forms Forgot Password? feature for the tenant admin account.
  • Logging in as a Azure SAML authenticated tenant admin and changing the password via Manage Users.

What if you do not remember the userid of your original tenant admin? Follow these steps:

  1. Login as your authenticated Azure SAML tenant admin
  2. Click Manage Users and click the Image Modifiededit admin icon.

Session Timeout

Session timeouts are configured in

and in your Azure SAML IDP. If a user's session ends before the IDP timeout is reached, they will automatically be logged back into
if they try to access it again. It is recommended that the
session timeout and the IDP session timeout be configured for the same value.