# Microsoft Entra ID
{% tabs %}
{% tab title="SAML" %}
Go into your **Azure portal home**
1. Open the sidebar menu and click on **Microsoft Entra ID**
2. Click on **Add button > Entreprise application**
3. Click on **Create your own application**
4. Enter a name and then click **Integrate any other application you don’t find in the gallery (Non-gallery)**
5. Click on **Single sign-on** from the sidebar menu or on **Set up single sign on** bellow Getting Started and choose **SAML**
6. In the first box **Basic SAML Configuration**, specify the **Entity ID**, it has to be the same than **SP Entity ID** in CISO Assistant (see next screenshot)
7. Add the **Reply URL**: `/api/accounts/saml/0/acs/` (for example with localhost: `https://localhost:8443/api/accounts/saml/0/acs/`)
8. In the third box **SAML Certificates**, copy the **App Federation Metadata Url** as it is the **Metadata URL** in CISO Assistant (see next screenshot)
9. In the fourth box **Set up \**, copy the **Microsoft Entra Identifier** as it is the **IdP Entity ID** in CISO Assistant
10. Make sure you use the same Identifier (Entity ID) that you've set earlier and appear on block 1, on CISO Assistant SP Entity ID:\
11. Click on **Users and groups** in the sidebar menu, and **Add user/group** to give them access to CISO Assistant with SSO. The matching key will be the email and you'll be able to grant their permissions on the applications.
12. You can now [configure CISO Assistant](https://intuitem.gitbook.io/ciso-assistant/features-focus/sso/..#configure-ciso-assistant-with-saml) with the **3 parameters** you've retrieved.
{% endtab %}
{% tab title="OIDC" %}
#### 1. Introduction
Go to your Microsoft Azure Portal
#### 2. Navigate to App Registrations
Click the App registrations section to add a new application for OIDC configuration. You can also use the search bar if you don't find it in the suggestions.
#### 3. Start New Application Registration
#### 4. Name your application
#### 5. Select Web Platform in Redirect URI options
#### 6. Enter the callback URL of your instance
The callback URL is: `/api/accounts/oidc/openid_connect/login/callback/` for
for instance, for localhost: `http://localhost:8000/api/accounts/oidc/openid_connect/login/callback/`
#### 7. Complete Application Registration
#### 8. Copy the Application Client ID
#### 9. Past it into the Client ID field
#### 10. Open Certificates & Secrets
#### 11. Create a New Client Secret
#### 12. Add your Client Secret
#### 13. Copy the fresh Client Secret Value
#### 14. Past it into the Secret field
#### 15. Go back to your App Overview
#### 16. Inside Endpoints copy the OpenID Connect metadata URL
#### 17. Paste it into the Server URL field
#### 18. Save your configuration
{% hint style="success" %}
You have successfully configured OpenID Connect (OIDC) integration with EntraID.
{% endhint %}
{% endtab %}
{% endtabs %}
{% hint style="warning" %} Adding a user in your Entra application doesn't automatically create the user on CISO Assistant
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://intuitem.gitbook.io/ciso-assistant/features-focus/sso/identity-providers/microsoft-entra-id.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
11. Click on **Users and groups** in the sidebar menu, and **Add user/group** to give them access to CISO Assistant with SSO. The matching key will be the email and you'll be able to grant their permissions on the applications.