Configure Single Sign-On (SSO) with Azure Entra ID (formerly Azure Active Directory) to enable your team to access Beam using your organization’s existing credentials.

Prerequisites

Before configuring SSO, ensure you have:
  • Administrative access to Microsoft Entra ID
  • Administrative access to your Beam workspace
  • Access to your organization’s Azure tenant
Authentication Method: Beam uses SAML 2.0 for SSO integration with Azure Entra ID. This guide walks through the complete setup process in both Azure and Beam.

Configure Azure Entra ID

1. Go to Microsoft Entra ID

Log into the Azure Portal and navigate to Microsoft Entra ID.

2. In the left sidebar, find Enterprise Application and open it.

3. Click New application.

4. Click Create your own application; in the side panel, select option 3 and set the application name.

5. Once the application is created, click option 2, Set up single sign on.

6. Open Single sign-on from the left bar and choose SAML.

7. Edit the Basic SAML Configuration:

Identifier (Entity ID):
urn:production:sp:beam:<workspaceID>
Reply URL:
https://app.beam.ai/api/auth/saml/callback

8. Add these attributes and claims

(Image: Attributes and claims)

9. Download Federation Metadata XML and follow step 11

Configure Beam Platform

1. Go to app.beam.ai and log in. Open workspace settings from the top left, click SSO, enter the following entries, and upload the XML file.

Attribute Mappings:
email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
family_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
given_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
nickname: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nickname
Upload the Federation Metadata XML file you downloaded from Azure. Click Save to enable SSO for your workspace.
SSO Activation: Once saved, users can access Beam by clicking “Sign in with SSO” on the login page and entering their company email address.

Testing Your SSO Setup

After configuration, test the SSO integration:
1. Test User Login

Log out of Beam (if currently logged in), navigate to app.beam.ai, and click Sign in with SSO. Enter a user’s company email address. The user should be redirected to Azure for authentication, then logged into Beam after successful Azure login.

2. Verify User Profile

Check that user profile information is correctly populated, verify email and name match the Azure profile, and confirm workspace access is granted appropriately.

Troubleshooting

Cause: The Beam application may be blocked by your organization’s Azure security policies.
Solution:
  • Have an Azure administrator locate the Beam application in the Enterprise Applications list
  • Grant necessary permissions for the application
  • Ensure users or groups are assigned to the application
  • Verify the application is not blocked by Conditional Access policies

Cause: Attribute claim names in Azure don’t match the expected format in Beam.
Solution:
  • Verify the attribute mappings in Azure match exactly
  • Check that source attributes are available in user profiles
  • Re-download and re-upload the Federation Metadata XML file
  • Contact Beam support if issues persist

Cause: SSO configuration may not be saved correctly or needs time to propagate.
Solution:
  • Verify SSO configuration is saved in Beam workspace settings
  • Wait 5-10 minutes for configuration to propagate
  • Clear browser cache and try again
  • Check that Federation Metadata XML was uploaded successfully

Cause: Users may not have workspace access or proper role assignments.
Solution:
  • Ensure users are invited to the Beam workspace
  • Check user role assignments in workspace settings
  • Verify email addresses match between Azure and Beam invitations
  • Have users check spam/junk folders for invitation emails
