Back to Learning CenterAccountsInstalling textexpanderSsoAzure

Setting Up Single Sign-On (SSO) with Microsoft Entra (Azure) in TextExpander

What you will need to before getting started:

  • Plan Requirement: SSO is available on Growth and Enterprise organization plans.
  • Admin Access: You’ll need to be both a TextExpander admin and a Microsoft Entra (Azure AD) admin.
  • Technical Knowledge: Familiarity with SSO configuration within your Identity Provider (IdP).

    IdP Metadata: Your Identity Provider XML Metadata file (plain text, not a URL).
  • Organization ID (ACS URL)

TextExpander-Side Setup (SP)

1. Log in to TextExpander.com using your admin account.

2. In the left menu, go to Organization → Single Sign-On.

3. Select Azure as your SSO Provider

4. Copy your ACS URL — you’ll need this during your Microsoft Entra configuration

5. Add an SSO Point of Contact – This should be the primary person responsible for managing SSO. Used by TextExpander Support if troubleshooting or verification is needed.

6. Paste your metadata into the IdP Metadata field. Important: Paste the full XML metadata as plain text. Do not submit a URL.

7. Save and test your configuration before enabling “Require Single Sign-On.”
• Testing ensures your users can log in successfully before enforcing SSO.

Microsoft Entra (Azure AD) Setup (Identity Provider Side)

1. Go to the Microsoft Entra Marketplace and install the TextExpander connector:
TextExpander Entra Setup Guide

2. Follow the setup steps in Microsoft’s documentation: Azure AD Tutorial →

3. When prompted, enter your ACS URL from the TextExpander setup page.

Note for U.S. Government Cloud Users:
If you’re using Azure AD in the U.S. Government Cloud, your URLs and Entity IDs will use .us domains (e.g., https://login.microsoftonline.us). Functionality remains the same.

SCIM Provisioning (Enterprise Only)

Automated user provisioning and deprovisioning via SCIM are available for Enterprise customers.

For SCIM setup assistance, please contact TextExpander Support.

Testing your SSO Login

Before enforcing SSO, test your setup to confirm everything works as expected.

Follow this guide to test your configuration:

Testing Your SSO Setup →

Tips:

Metadata format: Paste the raw XML (plain text) into TextExpander—not a link.
ACS mismatch: Ensure the ACS URL in Entra exactly matches the one shown in TextExpander.
NameID/claims: Follow Microsoft’s tutorial exactly (NameID format and required claims).
Government Cloud: Use .us endpoints if applicable.
Enforce last: Only enable Require Single Sign-On after a clean test.

Try TextExpander

No credit card required

TextExpander
Learn
Blog
Company

© 2025 TextExpander, Inc. TextExpander is a registered trademark.

Do not sell or share my personal information Notice at collection