How to self-configure SSO with Azure

Simplify the sign-on process for your Enterprise team. ⚙️

🚀 We have a new & improved experience for Admins to configure SSO & Directory sync! 🚀

If you are setting up SSO and Directory Sync for the first time, please refer to this article:
How to configure SSO & Directory sync

If you have already configured SSO using our previous setup and want to configure Directory sync, please reach out to your Customer Success or Account Manager. We are currently working on a self-serve method to migrate existing customers to the new setup.

Loom uses single sign-on (SSO) for Enterprise users to simplify the sign-in process and allow access to Loom using several authentication sources, including Azure. Your Workspace must be subscribed to the Enterprise plan if you wish to set up SSO.

👉Note: Loom does not currently support IdP-Initiated SSO. Please Browse to to login.

If you're the Admin of your company's Loom account, you can configure SSO using the following steps:

  1. Go to your Workspace settings by clicking on Settings in the left navigation bar of your Library. Open the security tab and toggle on Single Sign On (SSO).

  2. Select Azure as your IdP for configuration. Keep this tab open, as you'll be returning to your Loom Workspace later.

  3. Navigate to and sign in as an administrator. Click on Enterprise Applications.

  4. Click New application and then click Create your own application in the top left. You should have Integrate any other application you don't find in the gallery selected. Name your app Loom. Click create.

  5. Click on Loom in your list of All applications. Navigate to Users and groups (on the left) and select Add user at the top. Select the users you want to add. Hit Assign at the bottom of your screen.


  6. Click Single sign-on on the left side of your screen and select SAML.

  7. You'll need to grab some information from Loom to paste into Azure.

    • Paste the Identifier (Entity ID) from Loom in the Identifier (Entity ID) in Azure (click Edit next to 1. Basic SAML Configuration).
    • Paste the Reply URL (Assertion Consumer Service URL) from Loom in the Reply URL (Assertion Consumer Service URL) in Azure. Click Save.
  8. Click 2. User Attributes & Claims. You'll need to change the names of some of these.

    • Select the first Claim name, user.mail, and change its name to email. Click Save.
    • Select givenname and change its name to firstName. Note that this is case sensitive. Click Save.
    • Select surname and change it to lastName. Again, this is case sensitive.
  9. Click SAML-based sign-on at the top of your screen to go back. Scroll down to 3. SAML Signing Certificate and download the Certificate (Base64). Copy the Login URL under 4. Set up Loom. Back in Loom, paste the Login URL under Login URL. Upload the certificate under Certificate (Base64). Save.
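The claim names in step 8 are case sensitive, so it is worth confirming what Azure actually sends before relying on the connection. The following is an added example, not part of the original article or Loom's own tooling: it inspects a decoded SAML assertion from a test login and reports which of the three names are missing or mis-cased. The sample assertion is constructed, and the URI-style surname in it assumes Azure's default namespaced claim name was left unrenamed.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "firstName", "lastName")  # names from step 8, case sensitive

# Constructed sample: givenname was renamed with the wrong case and surname
# was left at its (assumed) Azure default URI-style name.
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="firstname">
      <saml:AttributeValue>Alice</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Ng</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def attribute_names(assertion_xml):
    """Return the Name of every Attribute in the assertion, in document order.
    Configuration check only: the signature is not verified here, so parse
    only assertions captured from your own test login."""
    root = ET.fromstring(assertion_xml.strip())
    return [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", SAML_NS)]

def check_claims(assertion_xml):
    """Map each required claim to 'ok', 'missing', or a wrong-case hint."""
    sent = attribute_names(assertion_xml)
    report = {}
    for want in REQUIRED:
        if want in sent:
            report[want] = "ok"
            continue
        # A case-insensitive hit means the claim was renamed with the wrong case.
        near = [n for n in sent if n.lower() == want.lower()]
        report[want] = f"wrong case: {near[0]!r}" if near else "missing"
    return report

def unrenamed(assertion_xml):
    """List attributes still carrying a URI-style name, i.e. never renamed."""
    return [n for n in attribute_names(assertion_xml) if n.startswith("http")]

if __name__ == "__main__":
    print(check_claims(SAMPLE_ASSERTION))
    print(unrenamed(SAMPLE_ASSERTION))
```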

👉Note: Using SSO, Admins can set a default member role for assigning to users added to the Workspace through Just-in-Time provisioning.

Domain verification

Your team will only be able to log into Loom for Teams via SSO once at least one of your domains is verified. Once enabled, account holders with domains other than those authorized will lose access. Add a domain using either the email verification option or the DNS text record verification option. Note that for the email verification option, you'll need access to an administrator email, and you will need to test your connection after verifying to ensure that it is set up correctly (not doing so might result in getting locked out of your Loom account).


Questions, comments, concerns? Contact us here.   

Happy recording! 🎥 😄
