# MICROSOFT ENTRA ID

Single Sign-On (SSO) allows users to access multiple applications with a single set of credentials, enhancing security and usability. This guide provides step-by-step instructions on how to configure SSO for an application in **Microsoft My Apps** using **Azure Active Directory (Entra ID)**.

### **Prerequisites**

Before proceeding, ensure you have:

* **Admin access** to **Azure Active Directory (AAD)**
* **An existing application** in Azure (or the ability to create one)
* **SSO configuration details** from the E6data platform (Entity ID, Reply URL)

### **Procedure**

#### **1. Log in to Azure Portal**

1. Open a web browser and go to the [Azure portal](https://portal.azure.com).
2. Sign in using an **administrator account**.

#### **2. Access Enterprise Applications**

1. In **Azure Services**, click **Enterprise Applications**.
   * A list of all existing enterprise applications appears.

#### **3. Create a New Application**

1. Click **New Application**.
2. On the **Browse Azure AD Gallery** page, select **Create your own application**.
3. In the **Create your own application** dialog box:
   * Enter a name for the application (e.g., demo123).
   * Select **Integrate with a non-gallery application**.
   * Click **Create**.
4. The application is added to the list of enterprise applications.

#### **4. Configure Single Sign-On (SSO)**

1. In the **Getting Started** pane, locate the **Set up single sign-on** card and click **Get Started**.
2. The **Select a single sign-on method** page appears. Click **SAML**.

#### **5. Configure Basic SAML Settings**

1. On the **SAML-based Sign-on** page, click **Edit** under **Basic SAML Configuration**.
2. In the **Basic SAML Configuration** page:
   * **Identifier (Entity ID)** – Copy and paste the **Audience URI (SP Entity ID)** from the **E6data SSO page**.
   * **Reply URL (Assertion Consumer Service URL)** – Copy and paste the **Single Sign-On URL** from the **E6data SSO page**.
3. Click **Save**.

#### **6. Configure Attributes & Claims**

1. Close the **Basic SAML Configuration** page.
2. On the **SAML-based Sign-on** page, locate the **Attributes & Claims** section and click **Edit**.
3. Click **Add new claim** and set the following attributes:
   * **Email**
   * **Full Name**
4. Click **Save**.

#### **7. Add Group Claims** (Optional, if required by the application)

1. On the **SAML-based Sign-on** page, scroll to the **Attributes & Claims** section and click **Edit**.
2. Click **+ Add a group claim**.
3. In the group claim settings:
   * Under **Group Types**, select **Security groups**.
   * Under **Format**, select **Group ID (default)**.
4. Navigate to **Advanced options**.
5. Select **Customize the name of the group claim**.
6. Set the **Name** field to **group\_ids**.
   * This ensures the Control Plane can identify user group memberships for access control.
7. Click **Save** to apply the group claim.

#### **8. Download the Federation Metadata XML**

1. On the **SAML Certificates** card, locate **Federation Metadata XML** and click **Download**.
   * The browser will download the **Azure metadata file**.

#### **9. Upload Federation Metadata in E6data**

1. Go to the **E6data platform**.
2. Upload the **Federation metadata.xml** file downloaded from Azure.
3. Click **Next** to complete the setup.

#### **10. Assign Users to the Application**

After configuring SSO, you need to assign users who should have access to the application.

**Go to the Enterprise Application**

1. In the **Azure Portal**, navigate to **Enterprise Applications**.
2. Select the application you just created (e.g., demo123).

**Open the Users and Groups Section**

1. In the left-hand menu, click **Users and Groups**.
2. Click **Add user/group**.

**Assign Users or Groups**

1. Click **Users** and select the users who need access.
2. If needed, assign a **role** (default is "User").
3. Click **Assign** to save the changes.

{% embed url="<https://www.loom.com/share/34e62be383ef4dd48b76d23739c24f43?sid=d45bc959-64d8-4064-b343-9a4cbe40bc9b>" %}


