SSO Configuration in Mercado Eletrônico

SSO integration via SAML with Microsoft Entra ID (Azure AD).

This guide describes the correct and validated procedure for configuring Single Sign-On (SSO) between Mercado Eletrônico and Microsoft Entra ID (Azure AD) using SAML 2.0, according to the official workflow demonstrated in the video.

Prerequisites

• Administrator access to Microsoft Entra ID.

• Customer company identifier:

  • Example: contoso

• Environment definition:

  • stg (staging)
  • without the <env> (production)

• In the examples below, we use:

  • <env> → environment (qa, stg)
  • <company> → customer company identifier (e.g.: contoso)

---

Step 1 — Create the application in Microsoft Entra ID

1. Access the Azure Portal
2. Go to Microsoft Entra ID > Enterprise applications > New application
3. In the gallery, search for the “Mercado Eletrônico” template.
4. Select the template and click Create.

IMPORTANT

The use of the template is mandatory, as it already contains the correct base settings for the SAML integration.

---

Step 2 — Configure Single Sign-On

1. Access the created application.
2. Go to Single sign-on.
3. Select the SAML method.

---

Step 3 — Configure SAML URLs

In the Basic SAML Configuration section, configure the following fields:

Identifier (Entity ID)

• https://<env>.sso.mercadoe.com/realms/me
• Example: https://stg.sso.mercadoe.com/realms/me

Reply URL (ACS)

• https://<env>.sso.mercadoe.com/realms/me/broker/<company>/endpoint
• Example: https://stg.sso.mercadoe.com/realms/me/broker/contoso/endpoint

Sign-on URL

• https://<env>.me.com.br/login/sso/<company>
• Example: Login

Visual summary of the values:

Field	Value
Identifier	https://<env>.sso.mercadoe.com/realms/me
Reply URL	https://<env>.sso.mercadoe.com/realms/me/broker/<company>/endpoint
Sign-on URL	https://<env>.me.com.br/login/sso/<company>

---

Step 4 — Save and test the configuration

1. Save the settings.
2. Still on the Single Sign-On screen, use the Test option.
3. The correct flow should be:

• Redirect to Entra login
• Successful authentication
• Return to Mercado Eletrônico

If the test fails, review:

• Environment (<env>)
• Company identifier (<company>)
• URLs copied correctly

---

Step 5 — Download the SAML file (required)

After configuration and testing:

1. On the application's Single Sign-On (SAML) screen, download the SAML Metadata XML file.
2. Send this file to the Mercado Eletrônico team

This file is required to complete the SSO configuration on the Mercado Eletrônico side.

---

Important considerations:

• Each customer has its own <company>
• Each environment has different URLs (stg, prd)
• SSO will only work after:
  • URLs are correctly configured in Entra.
  • SAML Metadata is sent and processed by Mercado Eletrônico.

---

Watch the following video illustrating the entire process described above: