> For the complete documentation index, see [llms.txt](https://docs.datasaur.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.datasaur.ai/integrations/saml/microsoft-entra-id.md). # Microsoft Entra ID This guide assumes you have already clicked **Enable SAML** in Datasaur and the **Enable SAML 2.0** dialog is currently open. ## Integrate Microsoft Entra ID {% hint style="info" %} Only users with one of the following roles can create an enterprise application: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal. {% endhint %} ### Create an enterprise app 1. Open the Azure portal and go to **Microsoft Entra ID**. 2. In the left sidebar, go to **Manage** → **Enterprise applications**. 3. Click **New application > Create your own application**. 4. Provide a name and select **Integrate any other application you don't find in the gallery**. 5. Click **Create**. ### Configure SAML 1. Open the newly created app. 2. In the left sidebar, go to **Manage > Single sign-on**. 3. Select **SAML**. 4. Complete the following sections. Fields not mentioned can be left unchanged. 1. Basic SAML Configuration 1. **Identifier** (required): Use the value from the **Service provider issuer** field in the **Enable SAML 2.0** dialog, which is `datasaur`. 2. **Reply URL** (required): Use the **Service provider sign in URL** value in the **Enable SAML 2.0** dialog. 3. **Relay State** (optional): Enter **Company ID** using the following JSON format: `{"companyId": ""}`. 2. Attributes & Claims 1. Use **email** (required) as the name and `user.mail` as the source attribute. Note that the default `emailaddress` is not sufficient. 2. Use **displayName** (optional) as the name and select your preferred attribute as the source, for example, `user.displayname`. 3. SAML Certificates 1. **Signing Option**: Select **Sign SAML response and assertion**.
### Add users to the app integration 1. In the left sidebar, go to **Manage > Users and groups.** 2. Assign the users who should be able to sign in to Datasaur using SAML. ## Complete the Datasaur SAML form 1. Return to the **Single sign-on** page in Microsoft Entra ID. 2. Copy the **Login URL**, then paste it into the **Identity provider sign in URL** field. 3. Copy the **Microsoft Entra Identifier**, then paste it into the **Identity provider issuer** field. 4. Download the **Certificate (Base64)** from the **SAML Certificates** section, then use its content for the **Public certificate** field. 5. Click **Enable SAML 2.0**.
--- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.datasaur.ai/integrations/saml/microsoft-entra-id.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.