# SSO Configuration

## SSO Configuration in Azure Active Directory

This article outlines the steps to follow to configure SSO in Azure Active Directory.

1\) Register a new application from the Enterprise Application | All Applications screen in the Azure Active Directory portal: <https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AppAppsPreview/menuId/>

2\) Create a new non-gallery application. Including SSO or SAML in the name for this application can help to distinguish this from future GraphAPI applications for the same instance.

![](/files/uIX5OZQhymAcpLFB7u9I)

3\) Once the application has been created and the configuration pages are visible, navigate to Single sign-on under the Manage section and select SAML.

4\) Enate will supply an XML metadata file for each instance. This can be imported using the “Upload metadata file” button at the top of the page.

![](/files/vRbknrb6KKlXGjQXe7Sy)

5\) Once imported, verify that the Identifier (Entity ID) and the Reply URL (Assertion Consumer Service URL) have been populated and then press Save.

6\) On the Single sign-on page with the newly populated Basic SAML Configuration section, you should be able to download the Federation Metadata XML under section 3, SAML Signing Certificate.

![](/files/sSsu6GQgF5a67FPT6IgX)

{% hint style="info" %}
**Note**: Enate typically uses the Email Address field configured for users within Enate to validate claims. This must match one of the supplied claims. `user.userprincipalname` or `user.mail` typically satisfies this, but if your domain has multiple email addresses, or the userprincipalname may not always match the email address, you may need to transform a claim to provide the correct information.
{% endhint %}

7\) This downloaded XML file should be supplied to Enate to complete the Enate side of the SSO configuration prior to testing.

8\) On the Properties page under the Manage section, you should change the “Visible to users?” setting to “No”.

9\) Depending on your configuration, you can also change the “Assignment required?” setting to “No” and then manually assign users to the application under the Users and groups page under the Manage section.
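
One way to check the two metadata files exchanged in steps 4 to 7 before they are uploaded or sent on, as an added example rather than Enate or Microsoft code. The function name `summarize_metadata`, both sample documents and the placeholder "certificate" bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize_metadata(xml_bytes):
    """Pull out the values verified in steps 5 and 6 from a SAML metadata file."""
    # SAML metadata never needs a DTD, so refuse one instead of parsing entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration found in metadata")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    out = {"entity_id": root.get("entityID"), "endpoints": [],
           "signing_cert_sha256": [], "problems": []}
    # SP metadata carries the Reply URL (ACS); IdP metadata the sign-on URL.
    for path in ("md:SPSSODescriptor/md:AssertionConsumerService",
                 "md:IDPSSODescriptor/md:SingleSignOnService"):
        for el in root.findall(path, NS):
            out["endpoints"].append(el.get("Location"))
    for role in ("md:SPSSODescriptor", "md:IDPSSODescriptor"):
        for kd in root.findall(role + "/md:KeyDescriptor", NS):
            if kd.get("use") in (None, "signing"):
                for cert in kd.iterfind(".//ds:X509Certificate", NS):
                    der = base64.b64decode("".join((cert.text or "").split()))
                    out["signing_cert_sha256"].append(hashlib.sha256(der).hexdigest())
    if not out["entity_id"] or not out["endpoints"]:
        out["problems"].append("missing entityID or endpoint")
    for url in out["endpoints"]:
        if not (url or "").startswith("https://"):
            out["problems"].append("endpoint is not HTTPS: %s" % url)
    return out

# Constructed sample inputs (not real Enate or Azure AD metadata).
FAKE_CERT = b"constructed placeholder, not a real certificate"
SP_SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sp.example.com/saml"><md:SPSSODescriptor><md:AssertionConsumerService
  index="0" Location="http://sp.example.com/acs"/></md:SPSSODescriptor></md:EntityDescriptor>"""
IDP_SAMPLE = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://idp.example.com/"><IDPSSODescriptor><KeyDescriptor use="signing">
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>%s
  </X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Location="https://idp.example.com/saml2"/>
 </IDPSSODescriptor></EntityDescriptor>""" % base64.b64encode(FAKE_CERT)

if __name__ == "__main__":
    print(summarize_metadata(SP_SAMPLE), summarize_metadata(IDP_SAMPLE), sep="\n")
```

Recording the signing certificate fingerprint alongside the file gives the recipient a value to compare against when the metadata arrives.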


