Configure SAML-based single sign-on (SSO) with Microsoft Entra ID (Azure AD)

Who can use this feature?

🔐 Only team owners and admins can configure single sign-on (SSO)

⭐️ Available on the paid plans.

Step 1: Prepare the configuration

  1. Log in to Nuclino.

  2. Open your Team settings by opening the main menu in the top left corner of the app, clicking on your team name, and then choosing Team settings.

  3. Go to the Authentication section and choose SAML-based single sign-on (SSO).

  4. Note the ACS URL and Entity ID.

Step 2: Set up Azure AD (Active Directory) for Nuclino

  1. Sign in to the Azure portal using your Azure Active Directory administrator account.

  2. On the left navigation panel, select Azure Active Directory.

  3. Navigate to Enterprise applications. Then go to All applications.

  4. Click New application at the top of the dialog.

  5. Type Nuclino in the search box, select Nuclino from the result panel, and click Add.

  6. In the Azure portal, on the Nuclino application integration page, click Single sign-on.

  7. Select SAML-based Sign-on as the Single Sign-on Mode.

  8. In the Nuclino Domain and URLs section, perform the following steps:

    1. Identifier (Entity ID): Enter your Entity ID from Step 1

    2. Reply URL: Enter your ACS URL from Step 1

  9. Update the User Attributes to match the following configuration:

  10. Save the configuration by clicking on Save in the top left corner.

  11. Click on Configure Nuclino.

  12. Note the SAML Single Sign-On Service URL, SAML Entity ID, and download the SAML Signing Certificate - Base64 encoded. You'll need to enter these values and the content of the certificate file in your Nuclino team settings in the next step.


Step 3: Integrate Nuclino with your identity provider

  1. Log in to Nuclino.

  2. Click the menu button in the top left corner to open the main menu.

  3. Click on your team name and select Team settings.

  4. Go to the Authentication section and choose SAML-based single sign-on (SSO).

  5. Enter the following information

    1. SSO URL: Enter the SAML Single Sign-On Service URL you've noted in Step 2

    2. IDP Entity ID: Enter the SAML Entity ID you've noted in Step 2

    3. Public certificate: Open the certificate you downloaded in Step 2 in a text editor and copy and paste the content into this field.

  6. Click Save changes.

  7. Optional: Enforce single sign-on (SSO)

Step 4: Assign users and groups in Azure AD

Assign users and groups to your Nuclino SAML application in Azure AD to control who should be able to access your Nuclino team via single sign-on. Please read the Azure AD documentation for more information on how to do this.

After you have successfully set up SSO

Your team can now sign up and log in via your team URL which you can find in your team settings in the Authentication section.

  • People who already have a Nuclino account with the same email address as their SSO account can choose to link this account. Afterwards, they can log in using their existing Nuclino account or use SSO instead.

  • For people who don't have a Nuclino account yet, a new account is provisioned when they log in for the first time using your team URL.

Users who have already set up SSO for their Nuclino account can also go to the normal login ( and select Log in via single sign-on (SSO).


If you have any questions or need help to set up SSO for Nuclino, please contact us.