# Azure AD - OIDC Setup

The Azure AD SSO integration allows for a centralised and secure login process for businesses that utilise Azure AD as their identity provider.

OIDC allows you to set up an application in Azure AD to manage access to accounts in Hava.

## Step by step guide

### 1. Go to Account Settings

On the top right, press the account preferences icon <img src="/files/NjXYp0bOGCrZMglWtiQP" alt="" data-size="original"> and select account settings from the drop-down menu.

![Open Your Account Settings](/files/dZZ2sQRyx3gV9lpFiJON)

### 2. Select SSO Config

From the menu on the left, select SSO Config to bring up the SSO Configuration screen.

![Select SSO Config](/files/V3RsNAzOpeFbtC3dv1cp)

### 3. Select OIDC

Azure AD can integrate its identity platform with Hava using either SAML or OIDC. From the two choices ('SAML' and 'OIDC'), select OIDC.

![](/files/Uw6Poumio6ZBkHf5RMx3)

### 4. Take note of the Service provider details

You should be presented with a screen showing two sections, Identity Provider and Service Provider. In this case the Identity Provider is Azure AD and the Service Provider is Hava.

Take note of the `Sign-in Redirect URL` attribute in the Service Provider section, as we will use it when setting up Azure AD.

<figure><img src="/files/Ek4ZV6IV4yyMC3J3ma0j" alt=""><figcaption></figcaption></figure>

### 5. Navigate to Azure Active Directory

In the Azure Portal, go to the Azure Active Directory service, and select `App registrations` from the menu on the left side.

<figure><img src="/files/B1nJnfK8YN0jC5u2FOhX" alt=""><figcaption></figcaption></figure>

### 6. Start creating a new registration

Click the `New registration` button on the top of the screen to start the process for setting up a new application registration.

<figure><img src="/files/0cIVwUVZrkMS10eV94Fc" alt=""><figcaption></figcaption></figure>

### 7. Register Application

You will be presented with a form where we will configure two values:

* Give the application a name that people will recognize (e.g. hava.io)
* In the optional `Redirect URI`
  * Select `Web` as the platform
  * And put in the `Sign-in Redirect URL` from the Hava OIDC configuration screen

Finally press `Register` on the bottom of the form. Leave the other values as they are.

<figure><img src="/files/hiSDAfAFx6Jj9wFptqI0" alt=""><figcaption></figcaption></figure>

### 8. Create a secret

Next we need to create a secret to secure the connection between Hava and Azure AD.

On the left menu, select `Certificates & secrets` and then under `Client secrets` click `New client secret`.

<figure><img src="/files/ZdQWviZuQMAobNz4OnSu" alt=""><figcaption></figcaption></figure>

### 9. Configure and Save secret

In the pane that opens, give the secret a descriptive name and select the expiry for the key.

Press Add to save the secret.

<figure><img src="/files/rRFG7hTb2GkddHhYvxt9" alt=""><figcaption></figcaption></figure>

### 10. Save the secret key

The `value` attribute contains the secret key that we need to provide to Hava; save it. Ignore the `Secret ID`; we will not be using it.

<figure><img src="/files/PaQDKGE64LGviieYM7FY" alt=""><figcaption></figcaption></figure>

### 11. Get Application Details

On the overview page there are two values we will need.

Save the `Application (client) ID` and the `Directory (tenant) ID` values; we will use them in the next step.

<figure><img src="/files/KdBsmN0joWnS9woKXsIr" alt=""><figcaption></figcaption></figure>

### 12. Configure OIDC

Go back to Hava and press the `Add OIDC Config` button.

In the form that comes up, add these values:

* **Identity Provider Host:** `login.microsoftonline.com/TENANT_ID/v2.0` where `TENANT_ID` is substituted with the `Directory (tenant) ID` from step 11
* **OIDC Client Id:** `Application (client) ID` from step 11
* **OIDC Client Secret:** `value` from step 10

Press `Save` to save the configuration.

<figure><img src="/files/Pf7GV34oKyvOOhDCma4H" alt=""><figcaption></figcaption></figure>

### 13. Enable Configuration

The last step is to press the green `Enable` button on the OIDC Configuration page. Once this is done, you are ready to test the SSO integration from Azure AD.

<figure><img src="/files/F2QbYruvCeDPNSc0N9jB" alt=""><figcaption><p>Enable SSO</p></figcaption></figure>
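A pre-flight check for the three values entered in step 12, as an added example that is not part of Hava's or Microsoft's tooling: it catches the common mistake of pasting the `Secret ID` instead of the secret `value` from step 10, and builds the Identity Provider Host string. All IDs, the secret and the `hava.example` redirect URL are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample values, not real identifiers or credentials.
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SECRET_VALUE = "constructed~Secret.Value_0123456789"
SECRET_ID = "99999999-8888-7777-6666-555555555555"
REDIRECT_URL = "https://hava.example/sso/oidc/callback"  # placeholder URL

def check_oidc_values(tenant_id, client_id, client_secret, redirect_url):
    """Return (identity_provider_host, problems) for the step 12 form."""
    problems = []
    if not GUID.match(tenant_id):
        problems.append("Directory (tenant) ID is not a GUID")
    if not GUID.match(client_id):
        problems.append("Application (client) ID is not a GUID")
    if tenant_id.lower() == client_id.lower():
        problems.append("tenant ID and client ID are identical")
    # The Secret ID shown in step 10 is a GUID; the secret value is not.
    if GUID.match(client_secret):
        problems.append("client secret looks like the Secret ID, not the value")
    if not client_secret or client_secret != client_secret.strip():
        problems.append("client secret is empty or has surrounding whitespace")
    parts = urlsplit(redirect_url)
    if parts.scheme != "https" or not parts.hostname:
        problems.append("Sign-in Redirect URL must be an absolute https URL")
    return f"login.microsoftonline.com/{tenant_id}/v2.0", problems

def discovery_url(host):
    """OIDC discovery document location for the configured host."""
    return f"https://{host}/.well-known/openid-configuration"

def issuer_matches(host, discovery_doc):
    """True when a fetched discovery document names the configured issuer."""
    issuer = discovery_doc.get("issuer", "").rstrip("/").lower()
    return issuer == f"https://{host}".lower()

if __name__ == "__main__":
    host, problems = check_oidc_values(TENANT_ID, CLIENT_ID, SECRET_ID, REDIRECT_URL)
    print(host, discovery_url(host), problems, sep="\n")
```

Fetching the discovery URL and passing the parsed JSON to `issuer_matches` confirms the tenant ID was copied correctly before you press `Enable`.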


