SSO Configuration on Mercado Eletrônico (ME.com.br) via Microsoft Entra ID (Azure AD)
Prerequisites
Administrator access to:
- Microsoft Entra ID (Azure AD)
- Mercado Eletrônico (ME.com.br) dashboard
✅ A unique <sso-identifier> provided by ME support.
Step-by-Step: Configuring the Application in Azure AD
Create the Application
- Access the Azure Portal.
- Navigate to: Microsoft Entra ID → Enterprise Applications → New application.
- Select:
- Name: Mercado Eletrônico SAML
- Type: "Integrate any other application you don’t find in the gallery"
Configure SAML SSO
In the created application, go to: Single sign-on → SAML.
Step 1 - Basic SAML Configuration:
- Identifier (Entity ID): urn:auth:me.com.br (confirm with ME)
- Reply URL (ACS): https://me.com.br/login/sso/<sso-identifier>/acs
❗️ Replace <sso-identifier> with the ID provided by ME.
Step 2 - Azure AD Metadata:
- Copy the Federation Metadata URL (under “Federation Metadata”) and send it to ME support.
❗️ Example URL:
https://login.microsoftonline.com/<tenant-id>/federationmetadata/2007-06/federationmetadata.xml?appid=<app-id>
Step 3 - Upload ME Metadata:
- After receiving the .xml file from ME, click: Upload metadata file → Upload the file.
- Fill the required Sign on URL field with: https://me.com.br/login
❗️ Login is always initiated from ME’s URL, but this field is required in Azure AD.
- Click Save.
Test the SSO
- Access the ME login URL using your <sso-identifier>: https://me.com.br/login/sso/<sso-identifier>
- If it redirects to Azure AD and authenticates successfully, SSO is working!
Tips and Troubleshooting
🔧 Additional Configuration (Optional)
SAML Attributes: In “Attributes and Claims”, add:
- NameID: user.mail
- Custom attributes (e.g., company_id as a fixed value)
🔴 Common Errors
Issue | Solution |
---|---|
Invalid metadata | Check if the .xml file is complete or request a new one from ME. |
Missing Sign on URL | Fill in with https://me.com.br/login (required field). |
Expired certificate | Renew it in the SAML Signing Certificate section in Azure AD. |
🤖 Possible issues and suggested prompts for AI use
Initial configuration (App Registration/Enterprise App)
- Possible issue: "Application doesn’t appear in Azure Entra ID after configuration"
- Suggested prompt: "While configuring SSO in Azure Entra ID, my app doesn't show in 'Enterprise Applications'. What might be wrong and how can I fix it?"
Metadata/SSO URLs issues
- Possible issue: "Invalid or mismatched Reply URL"
- Suggested prompt: "I get the error 'Reply URL does not match' when logging in via SSO. How can I verify and correct the redirect URLs in Azure Entra ID?"
Attributes and claims (User mapping)
- Possible issue: "User does not receive correct attributes (e.g., email, name) in the SAML token"
- Suggested prompt: "User attributes like email and name are missing from the SAML token. How can I configure required claims in Azure Entra ID?"
Certificates (Signing/Expiration)
- Possible issue: "Expired or invalid certificate"
- Suggested prompt: "I'm getting an 'Invalid certificate' error during SSO login. How can I renew or replace the SAML signing certificate in Azure Entra ID?"
User provisioning (SCIM)
- Possible issue: "Users are not automatically created/updated in the SaaS"
- Suggested prompt: "Automatic user provisioning (SCIM) isn't working. How can I troubleshoot sync errors between Azure Entra ID and my SaaS?"
Permission/Consent issues
- Possible issue: "Admin consent required"
- Suggested prompt: "I'm receiving an 'Admin consent required' message while setting up SSO. What exact permissions must the admin grant in Azure Entra ID?"
Generic errors (Logs and Troubleshooting)
- Possible issue: "Generic login failure via SSO"
- Suggested prompt: "SSO login fails with no clear error. How can I analyze Azure Entra ID audit logs to find the root cause?"