# Azure Configuration

FSProtect can be integrated with Azure SSO to simplify authentication. Complete the following configuration steps to set up the integration:

### 1. Create an Enterprise Application

* Go to [**https://portal.azure.com**](https://portal.azure.com/) and log in.

<figure><img src="/files/qEQuQeYYmEFICxmIWsTO" alt=""><figcaption><p>In Menu Select Microsoft Entra ID</p></figcaption></figure>

* Navigate to **Microsoft Entra ID** > **Enterprise applications**.

<figure><img src="/files/tYciqZJ6tH4tUyMwjNMh" alt=""><figcaption><p>In Menu Select Enterprise Applications</p></figcaption></figure>

* Click on **"New application"**.

<figure><img src="/files/LgAL5i2V2gsRktsw0Iou" alt=""><figcaption><p>Click "New Application"</p></figcaption></figure>

* Select **"Create your own application"**.

<figure><img src="/files/ahMq3pqDDCYnNEoZYOBn" alt=""><figcaption><p>Click "Create your own application" button</p></figcaption></figure>

* Provide a **name** for your app (e.g., `fsprotect-SSO`).
* Choose the option: **"Integrate any other application you don’t find in the gallery (Non-gallery)"**
* Click **Create**.

<figure><img src="/files/j01SUqmyfhHeObQQGgF1" alt=""><figcaption><p>Create your new application menu</p></figcaption></figure>

{% hint style="info" %}
At this point, your custom application will be created and added under Enterprise Applications.
{% endhint %}

### 2. Set Up Single Sign-On (SAML)

* In the left menu of the application page, select **Single sign-on**, or select **Set up single sign-on** right after creating the app.

<figure><img src="/files/MHnP3tEUUFu0egpEd5Gv" alt=""><figcaption><p>Set up single sign on</p></figcaption></figure>

* Choose **SAML** as the single sign-on method.

<figure><img src="/files/YLIxR3xY5dD2jcKN77fg" alt=""><figcaption><p>Select "SAML" from menu</p></figcaption></figure>

* You will now see multiple sections, including:
  * Basic SAML Configuration
  * Attributes & Claims
  * SAML Signing Certificate
  * Set up \[App Name]

### 3. Configure Attributes & Claims

* In the **Attributes & Claims** section, click **Edit**.

<figure><img src="/files/ozD3D27wryWGT0liMFzy" alt=""><figcaption><p>Click "Edit" Button</p></figcaption></figure>

* Review the default claims (such as `email`, `givenname`, `surname`, etc.).
* To add a custom claim:
  * Click **Add new claim**
  * Enter a **Name** (e.g., `username`)
  * Choose the appropriate **Source** (e.g., user attribute or transformation)
  * For user attributes, select from the available directory attributes, such as `user.mailnickname`
  * Click **Save**

<figure><img src="/files/IjDfQai0a26yjPnJvTme" alt=""><figcaption><p>Click "Add new claim" button</p></figcaption></figure>

<figure><img src="/files/YEXLPWsYZ1J0YQBXeAsv" alt=""><figcaption><p>Fill in the claim information for username</p></figcaption></figure>

* Repeat the same steps for the `role` claim:
  * Enter a **Name** (e.g., `role`)
  * Choose the appropriate **Source** (e.g., user attribute or transformation)
  * For user attributes, select from the available directory attributes, such as `user.assignedroles`

<figure><img src="/files/kvTBi0dG7Miu0D473EyD" alt=""><figcaption><p>Fill in the claim information for role</p></figcaption></figure>
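
Once the claims are saved, it is worth confirming that a sign-in response actually carries them. The following is an added example, not part of FSProtect or of the original page: it decodes a base64 `SAMLResponse` (HTTP-POST binding) and reports missing or empty claims. The claim names `username` and `role` are assumed from the examples in this section, and the sample response is constructed.

```python
import base64
import xml.etree.ElementTree as ET

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the claim names used as examples in this section.
EXPECTED_CLAIMS = ("username", "role")


def build_sample(attrs):
    """Constructed, unsigned response for the demo; not real IdP output."""
    body = "".join(
        '<Attribute Name="%s">%s</Attribute>' % (
            name, "".join("<AttributeValue>%s</AttributeValue>" % v for v in vals))
        for name, vals in attrs.items())
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
           '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
           "<AttributeStatement>%s</AttributeStatement>"
           "</Assertion></samlp:Response>" % body)
    return base64.b64encode(xml.encode()).decode()


def inspect_claims(saml_response_b64, expected=EXPECTED_CLAIMS):
    """Return (claims, problems) for a base64 SAMLResponse (HTTP-POST binding).

    Inspection only: signature and conditions are not verified here.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.find(".//saml:EncryptedAssertion", SAML) is not None:
        raise ValueError("assertion is encrypted; claims cannot be read as-is")
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    problems = []
    for name in expected:
        if name not in claims:
            problems.append("missing claim: " + name)
        elif not any(claims[name]):
            problems.append("empty claim: " + name)
    return claims, problems


if __name__ == "__main__":
    sample = build_sample({"username": ["jdoe"]})  # role claim left out on purpose
    print(inspect_claims(sample)[1])
```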

### 4. Configure Basic SAML Settings

* Click **Edit** in the **Basic SAML Configuration** section.

<figure><img src="/files/fMHpppJWo1W3jOZNaYCe" alt=""><figcaption><p>Basic SAML Configuration</p></figcaption></figure>

* Fill in the required fields in **Basic SAML Configuration** using the values shown under `Settings` > `SSO` > `SSO Details` in FSProtect.

<figure><img src="/files/zHQcwhOyJfx8UPjmTC1D" alt=""><figcaption><p>ACS URL and Audience (Entity ID) from SSO page</p></figcaption></figure>

<figure><img src="/files/xuG0mMqDPbNkbHHVqEoi" alt=""><figcaption><p>Basic SAML Configuration sidebar</p></figcaption></figure>

| Field                      | Description                                            | Example                                                  |
| -------------------------- | ------------------------------------------------------ | -------------------------------------------------------- |
| **Identifier (Entity ID)** | Unique URI identifying your SP                         | `http://{baseURL}/api/v1/sso/{ssoProviderName}/metadata` |
| **Reply URL (ACS URL)**    | Endpoint where SAML assertions are sent (POST binding) | `http://{baseURL}/api/v1/sso/{ssoProviderName}/acs`      |

### 5. Download SAML Metadata XML

* Scroll to the **SAML Signing Certificate** section.
* Locate the **Federation Metadata XML** link.
* Click **Download**.

<figure><img src="/files/xDAQS0zoPWIQ6yy9FG9Q" alt=""><figcaption><p>SAML Certificates</p></figcaption></figure>

{% hint style="info" %}
Save this XML file securely. It will be used to configure SSO for your SAML integration.
{% endhint %}


