This feature is available only on the Enterprise subscription plan.
In this article you'll learn how to set up single sign-on with Lokalise and Microsoft Entra ID (previously known as Microsoft Azure AD).
Configuration on Lokalise
To get started, log into Lokalise, click on the avatar in the bottom left corner and choose Team settings:
Then, proceed to the Advanced security tab and tick the Enable SSO field:
Team's domain — enter your Entra ID domain. Make sure the domain is entered fully with TLD (
SAML 2.0 Endpoint (HTTP) — should end with
/saml2, for example
https://login.microsoftonline.com/2d2e4745-1603-48d7-87c4-00b61b4d248f/saml2. Learn more at the section below.
Identity Provider Issuer — should look similar to this
https://sts.windows.net/2d2e4745-1603-48d7-87c4-00b61b4d248f/. Learn more at the section below.
Public Certificate — enter the value from the Entra ID SAML app configuration (please check the section below to learn more). Must begin with
-----BEGIN CERTIFICATE-----and end with
Sign AuthnRequest — is not usually required. However, you can still enable this option, copy the value to the
.crtfile and import this file to the necessary service.
If you need to reconfigure the same SSO domain for another Lokalise team, please follow these steps:
Empty all fields within Single sign-on (SSO) section of the Advanced security tab.
Uncheck Enable SSO setting.
Click on Save.
Proceed with configuring SSO for the other Lokalise team.
Configuration on Entra ID
Open Entra ID admin center dashboard and proceed to the Single sign-on tab. Here's the sample configuration:
Basic SAML Configuration
Identifier (Entity ID) —
Reply URL (Assertion Consumer Service URL) — enter the ACS URL Preview value from Lokalise settings
Sign on URL —
Attributes & Claims
Unique User Identifier (Name ID) — must be unique, pseudo-random, and will not change for the user over time — like an
employee IDnumber, for example. Name identifier format must be
first_name (optional) —
last_name (optional) —
Please note that attribute names and values are case-sensitive. All other claims can be left as is, Lokalise will disregard those anyway.
SAML Signing Certificate
Signing Option — choose Sign SAML response and assertion
Signing Algorithm — choose SHA-256
Also, you'll need to download the Certificate (Base64) from this section, open the downloaded file with any text editor, copy and paste the text into the Public Certificate field in Lokalise:
Set up Lokalise SAML App
Login URL — copy-paste this value into the SAML 2.0 Endpoint (HTTP) field on Lokalise.
Azure AD Identifier — copy-paste this value into the Identity Provider Issuer field on Lokalise.
Logout URL — currently unsupported.
Add users to SAML app in Azure AD
Proceed to Users and groups, click Add user/group:
Email field in the Contact info section of a user must be populated:
Logging in with SSO
Once everything is set up, proceed to
https://app.lokalise.com/sso and enter user email associated with the Azure domain. Upon the first log in, you'll be asked to confirm your email: