# Azure-AD

Setting up Azure Active Directory is pretty straightforward, but it helps to know the exact steps to follow, as configuring SAML can be a bit daunting.

To add Exivity to your Azure AD applications, follow these steps:

* In your Azure portal, go to the Azure Active Directory service:

![azure-portal-aad](https://2831153169-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2FnVfSqCvCQUGR%2Fazure-portal-aad.png?generation=1531424671176074\&alt=media)

* In the sidebar, click *Enterprise applications*:

![azure-ad-enterprise-applications](https://2831153169-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2HcMgeTducX6Rr%2Fazure-ad-enterprise-applications.png?generation=1531424671189848\&alt=media)

* Click the *New application* button:

![azure-ad-new-application](https://2831153169-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2JfWa4Z-rDzGjZ%2Fazure-ad-new-application.png?generation=1531424668691018\&alt=media)

* Click the *Non-gallery application* button:

![azure-ad-non-gallery-app](https://2831153169-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2LU26A8xnGiR6s%2Fazure-ad-non-gallery-app.png?generation=1531424671152681\&alt=media)

* Enter a name for the new application (e.g. *My Exivity instance*) and click the *Add* button.
* Click the *Configure single sign-on (required)* button:

![azure-ad-configure-sso](https://2831153169-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2NzpjgJZCkjeuZ%2Fazure-ad-configure-sso.png?generation=1531424672610192\&alt=media)

* From the *Single Sign-On Mode* dropdown list, select *SAML-based Sign-on*:

![azure-ad-sso-mode](https://2831153169-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2Puef-cvlSESj6%2Fazure-ad-sso-mode.png?generation=1531424669514537\&alt=media)

* Now enter the following details on this page:

| Azure AD setting           | Use value                                                                                                                                      |
| -------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- |
| Identifier                 | Exivity *Entity ID / Metadata URL* endpoint (see [endpoints](https://olddocs.exivity.io/2.3.1/diving-deeper/integrate/sso/broken-reference))   |
| Reply URL                  | Exivity *Assertion Consumer Service* endpoint (see [endpoints](https://olddocs.exivity.io/2.3.1/diving-deeper/integrate/sso/broken-reference)) |
| Show advanced URL settings | Checked                                                                                                                                        |
| Sign on URL                | Optional, you can enter the URL for the Exivity interface here.                                                                                |
| Relay State                | Leave empty                                                                                                                                    |
| User Identifier            | Select *user.mail*                                                                                                                             |

The resulting page could look something like this:

![azure-ad-sso-config](https://2831153169-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2RJmd00dKqPk_0%2Fazure-ad-sso-config.png?generation=1531424668680609\&alt=media)

* Click the *Configure \[your application name]* button:

![azure-ad-configure-instance](https://2831153169-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2T34Bc1cix5OOT%2Fazure-ad-configure-instance.png?generation=1531424668627006\&alt=media)

* A new pane will open with instructions. Navigate to the Exivity SAML configuration (see [configuration](https://olddocs.exivity.io/2.3.1/diving-deeper/integrate/sso/broken-reference)) and copy the following options from the pane in your Azure portal:

![azure-ad-instance-config](https://2831153169-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2Vlw0iu2Zptpf9%2Fazure-ad-instance-config.png?generation=1531424668761534\&alt=media)

| Exivity SAML setting | Use value                                                                                                                                                                                                                                                                                     |
| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Entity ID            | *SAML Entity ID*                                                                                                                                                                                                                                                                              |
| SSO URL              | *SAML Single Sign-On Service URL*                                                                                                                                                                                                                                                             |
| SLO URL              | *Sign-Out URL*                                                                                                                                                                                                                                                                                |
| X-509 certificate    | Download the certificate by clicking the *SAML Signing Certificate - Base64 encoded* link. Open the `.cer` file with a text editor and remove the text `-----BEGIN CERTIFICATE-----`, `-----END CERTIFICATE-----` and all line breaks so you end up with a single-line base64 encoded string. |
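
The certificate conversion in the last row above, as an added shell example (not part of the Exivity or Azure documentation): it strips the PEM markers and any CR/LF line endings from the downloaded `.cer` file and checks that what remains still decodes as base64, so a truncated or mangled paste is caught before it reaches the Exivity *X-509 certificate* field. The function name and the file name are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Exivity or Azure documentation.
# Converts the PEM certificate downloaded via Azure AD's
# "SAML Signing Certificate - Base64 encoded" link into the single-line
# base64 string the Exivity "X-509 certificate" field expects.
# Tolerates Windows CRLF line endings and stray whitespace, and rejects
# input that does not decode as base64 (e.g. a truncated copy).
pem_to_single_line() {
    file="$1"
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 1
    fi
    # Keep only the block between the BEGIN/END markers, drop the marker
    # lines themselves, then remove carriage returns, tabs, spaces and newlines.
    body=$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$file" \
        | grep -v 'CERTIFICATE-----' \
        | tr -d '\r\n\t ')
    if [ -z "$body" ]; then
        echo "no CERTIFICATE block found in $file" >&2
        return 1
    fi
    # Sanity check: the body must still decode as base64.
    if ! printf '%s' "$body" | base64 -d >/dev/null 2>&1; then
        echo "certificate body is not valid base64" >&2
        return 1
    fi
    printf '%s\n' "$body"
}

# Usage: ./pem_to_single_line.sh azure-saml-signing.cer  (file name assumed)
if [ "$#" -gt 0 ]; then
    pem_to_single_line "$1"
fi
```

Paste the printed line into the *X-509 certificate* field; the script exits non-zero instead of printing anything if the file is unreadable, lacks a certificate block, or no longer decodes.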

The Exivity configuration page could look something like this:

![azure-ad-exivity-saml-settings](https://2831153169-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2X2QfhtneEcNaJ%2Fazure-ad-exivity-saml-settings.png?generation=1531424670663834\&alt=media)

* In Exivity, click the *Update* button.
* In your Azure Portal, click the *Save* button:

![azure-ad-sso-config-save](https://2831153169-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2Zn7CT3E-9dSKi%2Fazure-ad-sso-config-save.png?generation=1531424670644619\&alt=media)

* As the last step, enable Single Sign-On in Exivity by navigating to *Administration* > *Configuration* and then clicking on the *System* tab. Make sure the *Single Sign-On* option is set to *Enabled*, and click the *Update* button:

![azure-ad-exivity-configuration](https://2831153169-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2a-1m4rWCtNzX6%2Fazure-ad-exivity-configuration.png?generation=1531424669531682\&alt=media)

SSO is now configured and enabled, and you can use Azure AD to log in to your Exivity instance. The login screen will look something like this:

![exivity-login-sso](https://2831153169-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2cVXgVSEJprLbl%2Fexivity-login-sso.png?generation=1531424668611642\&alt=media)

And by clicking on the *Login* button, you'll be taken to the Azure AD login screen. Exivity will receive the Azure AD e-mail address and create a new user with a minimal set of permissions if no existing user is found.
