# Azure AD - SAML Setup

The Azure AD SSO integration allows for a centralized and secure login process for businesses that utilise Azure AD as their identity provider.

Azure AD relies on `Enterprise Applications` to configure SSO.

## Step by Step Guide

### 1. Go to Account Settings

On the top right, press the account preferences icon <img src="/files/NjXYp0bOGCrZMglWtiQP" alt="" data-size="original"> and select account settings from the drop-down menu

![](/files/dZZ2sQRyx3gV9lpFiJON)

### 2. Select SSO Config

From the menu on the left, select SSO Config to bring up the SSO Configuration screen

![](/files/V3RsNAzOpeFbtC3dv1cp)

### 3. Select SAML

Azure AD uses SAML as the way to integrate their identity platform with Hava. From the two choices ('SAML' and 'OIDC') select SAML

![](/files/Uw6Poumio6ZBkHf5RMx3)

### 4. Take note of the Service provider details

You should be presented with a screen showing you two sections, Identity Provider and Service Provider. In this case the Identity Provider is represented by Azure AD and the Service Provider is Hava.

Take note of the details in the Service Provider section, as we will use these when setting up Azure AD.

![](/files/ATBDPKrBW2TdzPNP4PoH)

### 5. Navigate to Azure Active Directory

In the Azure Portal, go to the Azure Active Directory service, and select Enterprise applications from the menu on the left side

![](/files/s5EM3vKLImF1CH1qzYkI)

### 6. Start creating a new application

Click the create application button on the top of the screen to start the process for setting up a new Enterprise application.

![](/files/7CNYrtFfPdvvICWTUKiA)

### 7. Select Create your own application

Hava is not set up with an easy integration with Azure AD yet (this is coming soon), so we have to create our own application. Press the 'Create your own application' button on the top of the page.

![](/files/cicroHFmspDAkRTp9ftO)

### 8. Name your application

A pane will open on the right side of the screen asking you to name the application and select one of 3 choices of what you are looking to do with the application.

* Enter `hava.io` as the name
* Select `Integrate any other application you don't find in the gallery (Non-gallery)` from the choices
* Click Create on the bottom of the pane

This will create the application for you and bring you to the resource in Azure AD once it has completed.

![](/files/jTnBIItQcPipYNB3gC5C)

### 9. Go to Single sign-on

On the menu on the left, select `Single sign-on` to open the single sign-on configuration page.

Select SAML as the single sign-on method

![](/files/LXcyIUlhbIGokoQMZUgn)

### 10. Basic SAML Configuration

You should see a page asking you to fill in details to `Set up Single Sign-On with SAML`

In the Basic SAML configuration box, press edit and fill in the details that you took note of earlier in the Hava SAML setup page (Service Provider)

Map the values like this:

| Azure AD Name                              | Hava Name                      |
| ------------------------------------------ | ------------------------------ |
| Identifier (Entity ID)                     | Issuer (Entity ID)             |
| Reply URL (Assertion Consumer Service URL) | Assertion Consumer Service URL |
| Sign on URL                                | Login URL                      |
| Relay State (Optional)                     | n/a                            |
| Logout Url                                 | n/a                            |

{% hint style="warning" %}
When adding the Reply URL and the Sign on URL, please add a `/` before the `?` in the URL. Azure AD requires this to map URLs correctly.

`https://app.hava.io/users/auth/saml/callback?id=<id>`\
to\
`https://app.hava.io/users/auth/saml/callback/?id=<id>`
{% endhint %}

Once this is complete, press save on the top of the screen and go back to the Single sign-on screen by pressing the `X` in the top right corner

![](/files/hFCvby1ZuvSf9N3s2lW9)

### 11. Set up attributes

Attributes are used to map user details between Azure AD and Hava. We need to change the `Unique User Identifier` to be email, rather than the default of userprincipalname.

Press the edit button, then click on the `Unique User Identifier` to modify the source attribute.

Change it to `user.mail`

![](/files/NOAIyoxqFHCDgRYXQQec)

### 12. Download Certificate and take note of the values in the next section

In the 3rd box, download the Certificate (Base 64) to your machine and open it in a text editor to be ready for the next stage

The 4th box contains the values for setting up the SAML configuration for the Identity Provider in Hava.

### 13. Go back to Hava and press Add SAML Config

Copy the values from the 4th box into the form in Hava using these mappings

| Hava Value                  | Azure AD Value      |
| --------------------------- | ------------------- |
| Identity Provider Entity ID | Azure AD Identifier |
| Identity Provider SSO URL   | Login URL           |

The last step before testing is to paste the downloaded certificate into the text area. Make sure to copy the whole content of the file, including the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines.\
\
Press save.
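
The two manual edits most likely to go wrong in this guide are the `/` added before the `?` in step 10 and the certificate paste in step 13. The Python sketch below is an added example, not part of Hava's or Microsoft's tooling: it rewrites a Service Provider URL the way step 10 describes and checks that pasted certificate text is complete, returning thumbprints to compare with the one Azure AD lists for the signing certificate. The function names, the `id=EXAMPLE` value and the sample certificate data are assumptions constructed for illustration.

```python
import base64
import hashlib
from urllib.parse import urlsplit, urlunsplit

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def azure_reply_url(hava_url):
    """Step 10: put a '/' before the '?' of a Hava URL (idempotent)."""
    parts = urlsplit(hava_url)
    if parts.scheme != "https":
        raise ValueError("expected an https:// service provider URL")
    if parts.query and not parts.path.endswith("/"):
        parts = parts._replace(path=parts.path + "/")
    return urlunsplit(parts)


def der_declared_length(der):
    """Total size the outer DER SEQUENCE header says the blob should have."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pem(text):
    """Step 13: validate the pasted text and return its thumbprints."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("BEGIN/END CERTIFICATE lines missing or misplaced")
    body = lines[1:-1]
    if any(ln.startswith("-----") for ln in body):
        raise ValueError("more than one PEM block pasted")
    der = base64.b64decode("".join(body), validate=True)
    if der_declared_length(der) != len(der):
        raise ValueError("certificate body is truncated or has extra data")
    return {"der_bytes": len(der),
            "sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}


# Constructed stand-in: a DER header plus zero padding, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = "\n".join([BEGIN, base64.encodebytes(SAMPLE_DER).decode().strip(), END])

if __name__ == "__main__":
    print(azure_reply_url("https://app.hava.io/users/auth/saml/callback?id=EXAMPLE"))
    print(check_pem(SAMPLE_PEM))
```

To check a real download, pass the contents of the Certificate (Base 64) file to `check_pem` in place of `SAMPLE_PEM`.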

### 14. Enable and test

On the bottom of the SSO config page in Hava there is a button to enable SAML. Once this is done, you are ready to test your SSO login from Azure AD.

{% hint style="info" %}
Test this in a private browser window to make sure there are no cookies that cause you to be logged in automatically.
{% endhint %}

![](/files/y6AJziOdG5sdQkN7dcs4)

