This feature is available in Lucy 4.6 or newer version.
This article describes step by step instruction of the SSO integration with Azure AD. An additional information about what SSO in Lucy is designed for can be found here.
Find more about Azure AD Single Sign-on configuration here
Note The attribute user.mail is always empty if the user does not exist in your Office 365 Exchange server. Instead you will have to use the attribute user.userprincipalname or other one that contains user's email address.
Do not forget to activate the encryption for the uploaded certificate
To enable support for the subdomains, set the value in the Domain field in the following way ".domain.com"
Using wildcard domain name will allow you to use different subdomains in your campaigns.
Please note, Azure AD does not support multiple second-level domains in a single application.
If you are getting back to the login page, try checking the Claim rules (see the section Enable Single sign-on in Lucy, "Add a new Claim 'mail'…"). There must be a claim named "mail", with empty "Namespace" and Source attribute that contains user email address. For example: