# MICROSOFT ENTRA ID

Single Sign-On (SSO) allows users to access multiple applications with a single set of credentials, enhancing security and usability. This guide provides step-by-step instructions on how to configure SSO for an application in **Microsoft My Apps** using **Azure Active Directory (Entra ID)**.

### **Prerequisites**

Before proceeding, ensure you have:

* **Admin access** to **Azure Active Directory (AAD)**
* **An existing application** in Azure (or the ability to create one)
* **SSO configuration details** from the E6data platform (Entity ID, Reply URL)

### **Procedure**

#### **1. Log in to Azure Portal**

1. Open a web browser and go to the [Azure portal](https://portal.azure.com).
2. Sign in using an **administrator account**.

#### **2. Access Enterprise Applications**

1. In **Azure Services**, click **Enterprise Applications**.
   * A list of all existing enterprise applications appears.

#### **3. Create a New Application**

1. Click **New Application**.
2. On the **Browse Azure AD Gallery** page, select **Create your own application**.
3. In the **Create your own application** dialog box:
   * Enter a name for the application (e.g., demo123).
   * Select **Integrate with a non-gallery application**.
   * Click **Create**.
4. The application is added to the list of enterprise applications.

#### **4. Configure Single Sign-On (SSO)**

1. In the **Getting Started** pane, locate the **Set up single sign-on** card and click **Get Started**.
2. The **Select a single sign-on method** page appears. Click **SAML**.

#### **5. Configure Basic SAML Settings**

1. On the **SAML-based Sign-on** page, click **Edit** under **Basic SAML Configuration**.
2. In the **Basic SAML Configuration** page:
   * **Identifier (Entity ID)** – Copy and paste the **Audience URI (SP Entity ID)** from the **E6data SSO page**.
   * **Reply URL (Assertion Consumer Service URL)** – Copy and paste the **Single Sign-On URL** from the **E6data SSO page**.
3. Click **Save**.

#### **6. Configure Attributes & Claims**

1. Close the **Basic SAML Configuration** page.
2. On the **SAML-based Sign-on** page, locate the **Attributes & Claims** section and click **Edit**.
3. Click **Add new claim** and set the following attributes:
   * **Email**
   * **Full Name**
4. Click **Save**.

#### **7. Add Group Claims** (Optional, if required by the application)

1. On the **SAML-based Sign-on** page, scroll to the **Attributes & Claims** section and click **Edit**.
2. Click **+ Add a group claim**.
3. In the group claim settings:
   * Under **Group Types**, select: **Security groups**
   * Under **Format**, select: **Group ID (default)**
   * *(Optional)* Update the **Name** field (e.g., change from `groups` to `roles` if expected by the application)
4. Click **Save** to apply the group claim.

#### **8. Download the Federation Metadata XML**

1. On the **SAML Certificates** card, locate **Federation Metadata XML** and click **Download**.
   * The browser will download the **Azure metadata file**.

#### **9. Upload Federation Metadata in E6data**

1. Go to the **E6data platform**.
2. Upload the **Federation metadata.xml** file downloaded from Azure.
3. Click **Next** to complete the setup.

#### **10. Assign Users to the Application**

After configuring SSO, you need to assign users who should have access to the application.

**Go to the Enterprise Application**

1. In the **Azure Portal**, navigate to **Enterprise Applications**.
2. Select the application you just created (e.g., demo123).

**Open the Users and Groups Section**

1. In the left-hand menu, click **Users and Groups**.
2. Click **Add user/group**.

**Assign Users or Groups**

1. Click **Users** and select the users who need access.
2. If needed, assign a **role** (default is "User").
3. Click **Assign** to save the changes.

{% embed url="<https://www.loom.com/share/34e62be383ef4dd48b76d23739c24f43?sid=d45bc959-64d8-4064-b343-9a4cbe40bc9b>" %}
