# Set up Microsoft Entra ID SSO

## **Create Enterprise Application**

In the Azure portal, navigate to **Enterprise applications** -> **New application** -> **Create your own application**. Choose a name for the app and select the "Integrate any other application you don't find in the gallery (Non-gallery)" option.

### Set up SSO

Once the application has been created select **Manage**/**Single sign-on**. From the methods, select **SAML**.

<figure><img src="/files/TTwMlFs5cUxAeVSdYwz8" alt=""><figcaption></figcaption></figure>

You will be presented with **SAML-based Sign-on** settings. We will mostly focus on the first part of these settings, the Basic SAML Configuration. When first setting the application up you will be required to provide the **Identifier (Entity ID)** and the **Reply URL**.

Click the three dots in the upper right corner of the Basic SAML Configuration card and then select Edit.

* For the **Identifier (Entity ID)** you can put in any easily identifiable name.
* For the **Reply URL** put the address of your server (API) container followed by "/saml/callback".
  * example: *<https://api.sandbox.decisionrules.io/saml/callback>*

<figure><img src="/files/MuxcpBbHnhOG5vSEevM3" alt=""><figcaption></figcaption></figure>

### Environment Variables

These are the environment variables you will have to provide to your server container and where to find them.

* SAML\_ISSUER - **Basic SAML Configuration / Identifier (Entity ID)**
* SAML\_CALLBACK\_URL - **Basic SAML Configuration / Reply URL**
* SAML\_CERT - **SAML Certificates / Certificate (Base64)**
* SAML\_ENTRY\_POINT - **Set up *YOUR\_APP\_NAME* / Login URL**

{% hint style="warning" %}
The SAML\_CERT has to be provided as a single-line argument without the `-----BEGIN CERTIFICATE-----` / `-----END CERTIFICATE-----` lines.

More about SSO Environment variables [here](/doc/v1/on-premise-docker/containers-environmental-variables.md#optional-server-environment-variables).
{% endhint %}
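
One way to produce the single-line `SAML_CERT` value from the downloaded **Certificate (Base64)** file, as an added example that is not part of the DecisionRules documentation. The function names and the sample file are constructed for illustration; the sample body is placeholder text, not a real certificate.

```shell
#!/bin/sh
# Added example (not DecisionRules code): flatten the "Certificate (Base64)"
# download into the single-line value expected in SAML_CERT.

# Print the certificate body on one line: drop the BEGIN/END marker lines,
# then delete CR, LF, spaces and tabs (so CRLF line endings are handled too).
saml_cert_oneline() {
    grep -v -e '-----BEGIN CERTIFICATE-----' -e '-----END CERTIFICATE-----' "$1" |
        tr -d '\r\n \t'
}

# Succeed only if the value is non-empty, uses only base64 characters and has
# a length that is a multiple of 4. This catches leftover markers or a
# truncated paste; it does not parse the certificate itself.
saml_cert_is_valid() {
    case "$1" in
        '' | *[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    [ $(( ${#1} % 4 )) -eq 0 ]
}

# Print "SAML_CERT=<value>" for the server container, or fail with a message.
saml_cert_env_line() {
    cert=$(saml_cert_oneline "$1")
    if ! saml_cert_is_valid "$cert"; then
        echo "error: $1 does not contain a usable Base64 certificate" >&2
        return 1
    fi
    printf 'SAML_CERT=%s\n' "$cert"
}

# Demo on a constructed placeholder file (not a real certificate) with CRLF endings.
sample=$(mktemp)
printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNU' 'RUQtU0FNUExF' \
    '-----END CERTIFICATE-----' > "$sample"
saml_cert_env_line "$sample"    # prints SAML_CERT=Q09OU1RSVUNURUQtU0FNUExF
rm -f "$sample"
```
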

### Adding Users

In the Enterprise Application go to Manage / Users and groups.

* Click Add user/group.
* Select the users or groups that should have access to DecisionRules SSO.
* Click on Assign.

You can find more basic information with examples here: [Setup Single Sign-On (SSO)](/doc/v1/on-premise-docker/setting-up-sso.md)


