For accounts with frequent user email changes, we have introduced a specialized login solution to accommodate their unique needs. While email addresses change frequently, each user has a "User Principal Name" (UPN) that remains constant, allowing for a stable login identifier.
Primary Login via Email - By default, Paperflite will attempt to authenticate users using their email.
Logging in via UPN - For this implementation, Paperflite will check the UPN for authentication to ensure access.
Email Synchronization
When a user’s email changes in the SSO, Paperflite will update the email in its system within approximately 40 minutes.
This setup ensures seamless login experiences for users, even with changing email addresses.
To configure Microsoft Azure SSO for your account and enable login to Paperflite using your User Principal Name (UPN), follow the steps outlined below.
Step 1:
Login to https://login.microsoftonline.com/ with your credentials.
Step 2:
> You will land on the Azure portal’s home screen.
> Click on View on the Manage Azure Active Directory tab.
Step 3:
Once you enter the Default Directory, under the Manage tab, click on Enterprise application.
You'll be taken to the applications window, where all of your previously created applications are displayed. Select the application you have created for Paperflite.
Note: The app created below is only for representational purposes.
Step 4:
We will now proceed and set up Single Sign-on so that you can easily log into the Paperflite platform.
Step 5:
Once you’re in, below are the SAML configuration values to be entered.
Note: For each category, choose the Edit option to make the changes.
1. Basic SAML Configuration
Below are the details to be entered against each option:
Identify entity ID - app.paperflite.com
Reply URL (Assertion Consumer Service URL) - https://auth.paperflite.com/saml/SSO
Relay State (Optional) - https://app.paperflite.com/accounts/6368*******************0
Note: Please add the Account SSO ID provided by the Paperflite team after the accounts/
Attributes and Claims
Navigate to Attributes and Claims > Click Edit.
Select Unique User Identifier (Name ID).
Set Source to Attribute and Source Attribute to user.userprincipalname, then click Save.
SAML Certificates
You can now proceed to download the SSO configuration file under the Federation Metadata XML file.
After the setup is complete, submit the downloaded certificate to your Customer Success Manager at Paperflite or the Paperflite support team, and we'll enable it in the backend for your account.
Set up Paperflite Production
After the configuration, these are quick checks to ensure that all the URLs are in place.
Test single sign-on with Paperflite Production
Once the team has added the SSO file, you can use the Test option to do a quick check. This will give you an insight into your sign-in experience on the Paperflite platform.
Testing SSO login post setup
There is another way to test this on your end to ensure that the users log in to the Paperflite application without any hassle.
> Go to myapps.microsoft.com. Log in using the respective credentials of the user added to the account
> Click on the application that the users have been added to from the list of all the apps present.
Configure Provisioning:
From the Dashboard, go to Enterprise Applications > Select the app associated with Paperflite for SSO.
On the left-hand side under Manage, click Provisioning.
Provisioning Configuration:
a) Provisioning Mode: Set to Automatic.
b) Admin Credentials:
Tenant URL: Enter http://scim.api.paperflite.com/api/1.0/azure.
Secret Token: Enter the secret token provided by Paperflite (contact your Customer Success Manager or Paperflite Support for assistance).
Ensure to Click Save at the top so that you can access Mappings.
Go to Mappings > Select Provision Microsoft Entra ID Users.
Click Add New Mapping
Ensure that the attributes align with the specified configuration (refer to the provided screenshot for details).
Set Matching Precedence for Attributes
Select the userType attribute, set the Matching Precedence to 2 initially, and click OK.
Modify userName Attribute
Go back and Navigate to the userName attribute and click Edit.
Under Match objects under this attribute, select No, then click OK.
Update Matching Precedence for userType
Return to the userType attribute, change the Matching Precedence to 1, and save your changes.
Go back to Provisioning configuration, and navigate to Settings, below Mappings.
Scope: Sync all users and groups.
Provisioning Status: ON.
Click OK.
Adding Users to Azure account for SSO
If you have multiple users on the Paperflite account and want them to log in via SSO, they have to be added to the Azure SSO account. Here’s how you can do it:
> Choose the respective application.
> Once inside the application, select Users and Groups from the left menu tab.
> You will be redirected to the User List tab. To add new users, click on the Add User/Group option present at the top.
How to Locate the User Principal Name (UPN)
Navigate to your Dashboard and select Microsoft Entra ID.
2. On the left-hand menu, under Manage, click Users.
3. From the list of users, select the specific user whose UPN you want to find.
4. The User Principal Name (UPN) will be displayed and highlighted on the user details page.
Still got queries? Reach out to support@paperflite.com and we’ll be happy to help.