# Azure-AD

Setting up Azure Active Directory is pretty straightforward, but it helps to know the exact steps to follow, as configuring SAML can be a bit daunting.

To add Exivity to your Azure AD applications, follow these steps:

* In your Azure portal, go to the Azure Active Directory service:

![azure-portal-aad](/files/-LHF0U2FnVfSqCvCQUGR)

* In the sidebar, click *Enterprise applications*:

![azure-ad-enterprise-applications](/files/-LHF0U2HcMgeTducX6Rr)

* Click the *New application* button:

![azure-ad-new-application](/files/-LHF0U2JfWa4Z-rDzGjZ)

* Click the *Non-gallery application* button:

![azure-ad-non-gallery-app](/files/-LHF0U2LU26A8xnGiR6s)

* Enter a name for the new application (e.g. *My Exivity instance*) and click the *Add* button.
* Click the *Configure single sign-on (required)* button:

![azure-ad-configure-sso](/files/-LHF0U2NzpjgJZCkjeuZ)

* From the *Single Sign-On Mode* dropdown list, select *SAML-based Sign-on*:

![azure-ad-sso-mode](/files/-LHF0U2Puef-cvlSESj6)

* Now enter the following details on this page:

| Azure AD setting           | Use value                                                                                                  |
| -------------------------- | ---------------------------------------------------------------------------------------------------------- |
| Identifier                 | Exivity *Entity ID / Metadata URL* endpoint (see [endpoints](/3.5.4/advanced/integrate/sso/azure-ad.md))   |
| Reply URL                  | Exivity *Assertion Consumer Service* endpoint (see [endpoints](/3.5.4/advanced/integrate/sso/azure-ad.md)) |
| Show advanced URL settings | Checked                                                                                                    |
| Sign on URL                | Optional, you can enter the URL for the Exivity interface here.                                            |
| Relay State                | Leave empty                                                                                                |
| User Identifier            | Select *user.mail*                                                                                         |

The resulting page could look something like this:

![azure-ad-sso-config](/files/-LHF0U2RJmd00dKqPk_0)

* Click the *Configure \[your application name]* button:

![azure-ad-configure-instance](/files/-LHF0U2T34Bc1cix5OOT)

* A new pane will open with instructions. Navigate to the Exivity SAML configuration (see [configuration](/3.5.4/advanced/integrate/sso/azure-ad.md)) and copy the following options from the pane in your Azure portal:

![azure-ad-instance-config](/files/-LHF0U2Vlw0iu2Zptpf9)

| Exivity SAML setting | Use value |
| -------------------- | --------- |
| Entity ID            | *SAML Entity ID* |
| SSO URL              | *SAML Single Sign-On Service URL* |
| SLO URL              | *Sign-Out URL* |
| X-509 certificate    | Download the certificate by clicking the *SAML Signing Certificate - Base64 encoded* link. Open the `.cer` file with a text editor and remove the text `-----BEGIN CERTIFICATE-----`, `-----END CERTIFICATE-----` and all line breaks so you end up with a single-line base64 encoded string. |

The Exivity configuration page could look something like this:

![azure-ad-exivity-saml-settings](/files/-LHF0U2X2QfhtneEcNaJ)

* Now unfold the *Advanced* menu at the bottom of the screen, and paste the following JSON data:

```json
{
  "security": {
    "wantXMLValidation": false
  }
}
```

* Then in Exivity, click the *Update* button
* And in your Azure Portal, click the *Save* button:

![azure-ad-sso-config-save](/files/-LHF0U2Zn7CT3E-9dSKi)

* As the last step, enable Single Sign-On in Exivity by navigating to *Administration* > *Configuration* and then clicking on the *System* tab. Make sure the *Single Sign-On* option is set to *Enabled*, and click the *Update* button:

![azure-ad-exivity-configuration](/files/-LHF0U2a-1m4rWCtNzX6)

SSO is now configured and enabled, and you can use Azure AD to log in to your Exivity instance. The login screen will look something like this:

![exivity-login-sso](/files/-LHF0U2cVXgVSEJprLbl)

Clicking the *Login* button takes you to the Azure AD login screen. Exivity will receive the Azure AD e-mail address and create a new user with a minimal set of permissions if no existing user is found.

