# Azure AD

**Overview**

This guide explains how to create and configure a SAML-based Single Sign-On (SSO) application in the Azure portal. Follow these steps to integrate your application with Protege.

**Step 1: Create a SAML Application in Azure Portal**

1. **Log in to Azure Portal:**
   * Sign in to the [Azure portal](https://portal.azure.com) using your administrator credentials.
2. **Register a New Application:**
   * Navigate to **Enterprise applications**.
   * Click on **New application**.
   * Select **Create your own application**.
   * Provide a name for the application and choose **Integrate any other application you don't find in the gallery (Non-gallery)**.<br>

     <figure><img src="https://2804394160-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FD9Htw9DUg294GuYmAyyj%2Fuploads%2Fgit-blob-6a0cb6c252eb52ee023d9506c1291a0e6b700830%2FCleanShot%202024-08-13%20at%2000.25.05%402x.png?alt=media" alt=""><figcaption></figcaption></figure>
3. **Set Up SAML-based SSO:**
   * Under the application’s settings, go to **Single sign-on**.
   * Choose **SAML** as the single sign-on method.\
     ![](https://2804394160-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FD9Htw9DUg294GuYmAyyj%2Fuploads%2Fgit-blob-3354cca9293ec85973847f2cbfc196b2646a477a%2FCleanShot%202024-08-13%20at%2000.27.41%402x.png?alt=media)
4. **Basic SAML Configuration:**
   * In the **Basic SAML Configuration** section, click **Edit** and fill in the following fields, replacing `{{org-name}}` with your organization name in `kebab-case`:
     * **Identifier (Entity ID)**: `urn:auth0:protegeai:{{org-name}}-production`
     * **Reply URL (Assertion Consumer Service URL)**: `https://protegeai.us.auth0.com/login/callback?connection={{org-name}}-production`
     * **Sign on URL**: Leave this blank.

**Step 2: Provide the required information**

Please collect the information below and share it with us.

1. **Primary Domain**
   * You can find the Primary domain in Microsoft Entra ID<br>

     <figure><img src="https://2804394160-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FD9Htw9DUg294GuYmAyyj%2Fuploads%2Fgit-blob-090a14afe1f1795420a5d16b5ec60fbc7867e30a%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>
2. **Application ID**
   * The Application ID of the Enterprise Application you created in **Step 1**<br>

     <figure><img src="https://2804394160-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FD9Htw9DUg294GuYmAyyj%2Fuploads%2Fgit-blob-f136275dd5e421a5de37aa43ab72b0a9c0a45be6%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>
3. **Client Secret**
   * Visit **App registrations** (<https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade>) and open your new Enterprise Application.
   * Create a new secret and save the **Value**. Please note that the secret has an expiration date, so we need to renew it before it expires.<br>

     <figure><img src="https://2804394160-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FD9Htw9DUg294GuYmAyyj%2Fuploads%2Fgit-blob-2c4de757faa738780a83f5e9695a55c4be090cbe%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>
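
Because the client secret expires, it helps to track its end date rather than find out when sign-in breaks. The script below is an added example, not part of Protege's documentation or tooling: it reads JSON in the shape printed by `az ad app credential list --id <application-id>` and flags secrets that are expired or close to expiry. The sample data, the 30-day threshold and the function names are assumptions.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample shaped like the output of
# `az ad app credential list --id <application-id>`; all values are made up.
SAMPLE = """[
 {"displayName": "protege-sso", "keyId": "00000000-0000-0000-0000-000000000001",
  "endDateTime": "2025-02-09T00:00:00Z"},
 {"displayName": "protege-sso-old", "keyId": "00000000-0000-0000-0000-000000000002",
  "endDateTime": "2024-08-01T00:00:00.0000000Z"},
 {"displayName": "protege-sso-next", "keyId": "00000000-0000-0000-0000-000000000003",
  "endDateTime": "2026-08-13T00:00:00+00:00"}
]"""


def parse_ts(value):
    """Parse an ISO 8601 timestamp; tolerate 'Z' and fractional seconds."""
    value = re.sub(r"\.\d+", "", value.strip()).replace("Z", "+00:00")
    ts = datetime.fromisoformat(value)
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def secret_status(credentials_json, now, warn_days=30):
    """Return [(status, displayName, keyId, days_left)] sorted by expiry.

    status is EXPIRED, EXPIRING (within warn_days) or OK.
    """
    rows = []
    for cred in json.loads(credentials_json):
        days_left = (parse_ts(cred["endDateTime"]) - now).days
        if days_left < 0:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "EXPIRING"
        else:
            status = "OK"
        rows.append((status, cred.get("displayName"), cred["keyId"], days_left))
    return sorted(rows, key=lambda r: r[3])


def needs_renewal(credentials_json, now, warn_days=30):
    """True when no secret stays valid beyond the warning window."""
    return all(r[0] != "OK" for r in secret_status(credentials_json, now, warn_days))


if __name__ == "__main__":
    # Fixed date so the constructed sample gives stable output; use
    # datetime.now(timezone.utc) against real CLI output.
    for row in secret_status(SAMPLE, datetime(2025, 1, 20, tzinfo=timezone.utc)):
        print(*row)
```

The listing contains only metadata such as the key ID and end date, never the secret **Value**, so it can run on a schedule without handling the secret itself.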

Once we have the required information above, our team will handle the remaining setup. We will inform you shortly once the integration is ready for use.

***Note:*** If you experience any issues during the linking process or have questions related to Single Sign-On (SSO) integration, please reach out to our support team at <founders@tryprotege.com>. We are available to assist you and ensure a seamless integration with your authentication system.
