Skip to main content
You can also reach out to [email protected] to set up your SSO integration with assistance.

Prerequisites

  • Access to an admin account in your Langdock workspace
  • An Entra ID account with the ability to create and manage Enterprise applications
  • “Join by domain” must be enabled in your Langdock security settings
  • The domain(s) you have set need to be verified by the Langdock team. Click on “verify” or reach out to your contact at Langdock to verify the domain

Create a new Enterprise application in Entra ID

First, you need to create a new Enterprise application in your Entra ID portal. To do this, follow these steps:
  1. In your Entra ID portal navigate to the Overview page and add a new Enterprise application under ”+ Add”“Enterprise application”
  2. Create a new custom application by clicking on ”+ Create your own application”
  3. Name your application (e.g., “Langdock”)
  4. Select the option “Integrate any other application you don’t find in the gallery (Non-gallery)“
Navigate to "Enterprise Application" Click on "Create your own application" then give the application the name Langdock and click on "Integrate any other application..."

SAML Configuration

Langdock uses SAML 2.0 as the standard for SSO authentication. After creating the application, you need to configure the SAML settings, which will allow Langdock to authenticate users via SAML. First, navigate to the “Single sign-on” settings of your newly created application, by selecting “Set up single sign on” and choosing “SAML” as the single sign-on method. Select "2. Set up single sign on" Select SAML as Signle Sign on method Next, you need to get the SAML metadata from Langdock, which you can find in your Security settings, after activating the “SAML Active” toggle. Here, you need to copy two values from the SAML metadata:
  1. The “Audience URI (SP Entity ID)” value(langdock.com)
  2. The “Assertion Consumer Service (ACS) URL” value
Add the Audience URI and the ACS URL in Langdock Now, you can configure the SAML settings in your Entra ID portal, by first clicking “Edit” in the “Basic SAML Configuration” section, and then filling in the following values:
  1. “Identifier (Entity ID)”: The “Audience URI (SP Entity ID)” value from Langdock
  2. “Reply URL (Assertion Consumer Service URL)”: The “Assertion Consumer Service (ACS) URL” value from Langdock
You can leave the other fields empty or with their default values. Finally, save the configuration by clicking “Save”. Click on "Edit" in the Signle Sign-on Settings in Entra Add the Entity ID, Reply UL and click on "Save" You also need to modify the default SAML Certificate configuration, by clicking “Edit” in the “SAML Certificates”“Token signing certificate” section and:
  1. Setting the “Signing Option” to “Sign SAML response and assertion”
  2. Setting the “Signing Algorithm” to “SHA-256”
Finally, save the SAML Certificate configuration by clicking “Save”. Click on "Edit" Add the signing option "Sign SAML response and assertion" and Signing Algorithm "SHA-256" To finalize the SAML setup, you need to copy the Login URL and the SAML Signing certificate from Entra ID to Langdock.
  1. In the “SAML Signing Certificate” section of your Entra ID portal, click on “Download” next to “Certificate (Base64)” link to download the certificate. You have to open the certificate in a text editor and copy the content. This will be in the format of:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
  1. Copy the “Login URL” value from the “Set up Langdock” section in your Entra ID portal.
Download the Certificate and copy the Login URL In your Langdock workspace, navigate to the Security settings again and paste the copied values into the respective fields:
  1. Fill in the “Issuer” field with the Audience URI specified earlier (langdock.com).
  2. Paste the “Login URL” value from Entra ID into the “Sign on URL” field
  3. Paste the SAML Signing certificate content into the “Certificate” field
Base the Certificate, Sign on URL and Issuer into langdock

Test the SAML setup

To test the setup, please stay logged in in the current browser session and open seperate browser or an incognito window and navigate to https://app.langdock.com.
Enter an email address of a user in your Entra ID account and click “Continue”. You will be redirected to the Entra ID login page, where you can enter your credentials. After successful authentication, you will be redirected back to Langdock and logged in. Login with the company email Enter MS Password to login to Langdock

Multiple Workspaces with the Same Entra ID Tenant

If you want to connect multiple Langdock workspaces to the same Entra ID tenant, this is possible but requires manual configuration by the Langdock team.
For each additional workspace, you need to:
  1. Create a separate Enterprise application in Entra ID for each workspace you want to connect (following the same steps as above)
  2. Use a unique Identifier (Entity ID) for each app registration. Instead of using langdock.com, use a unique identifier like yourcompany.langdock.com or workspace-name.langdock.com
  3. Contact Langdock support at [email protected] with the following information for each additional workspace:
    • The Issuer (your unique Entity ID)
    • The Login URL (Sign-on URL)
    • The Certificate (Base64)
You cannot configure multiple SAML workspaces yourself. The Langdock team needs to manually configure the additional workspaces in the backend.

Workspace Switching Behavior

When users have access to multiple SAML-enabled workspaces with the same domain:
  • After entering their email address during login, users will see a workspace picker to choose which workspace to access
  • The regular “switch workspace” button is not available for SAML users
  • To switch between workspaces, users need to log out and log in again, then select the desired workspace from the picker

Troubleshooting

If you encounter any issues during the setup, reach out to [email protected] for assistance.