# Microsoft Entra SSO

Microsoft Entra is a cloud-based Identity Management service that implements an Identity Provider (IdP), using protocols such as SAML. Logilica's SSO supports Microsoft Entra's SAML SSO.

To enable Microsoft Entra SAML SSO with Logilica, please complete the following:

In Microsoft Entra, navigate to the Applications Single Sign-On settings page via **Home > Enterprise applications > SAML-based Sign On**.

{% hint style="info" %}
Please ensure the application is set up with **SAML-based** single sign-on.
{% endhint %}

1. **Match Client ID and Entity ID**\
   In the Logilica SSO configuration, ensure the **Entity ID** field has the same value as Microsoft Entra's **Identifier (Entity ID)** field.

<figure><img src="https://3637178088-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvMP8keAdyp2axoLILtL5%2Fuploads%2Fgit-blob-dfef663de802d4b4f598de679cbdf94d71696637%2Fimage%20(2).png?alt=media" alt="" width="563"><figcaption><p>Microsoft Entra SSO Entity ID Settings</p></figcaption></figure>

<figure><img src="https://3637178088-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvMP8keAdyp2axoLILtL5%2Fuploads%2Fgit-blob-b3c9cc87c5fc5eca633a9bf29eb7924264cb666a%2Fimage.png?alt=media" alt="" width="533"><figcaption><p><em>Logilica Organisation Single Sign On settings</em></p></figcaption></figure>

2. **Set Reply URL (Assertion Consumer Service URL)**\
   In Microsoft Entra, set the **Reply URL** to\
   `https://logilica.io/api/user/saml/callback?domain=<domain-name>`. \\

   <figure><img src="https://3637178088-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvMP8keAdyp2axoLILtL5%2Fuploads%2Fgit-blob-d22e62943a97a11c06f006c587badf845f0effff%2Fimage.png?alt=media" alt="" width="485"><figcaption><p>Microsoft Entra SSO Reply URL Settings</p></figcaption></figure>

{% hint style="info" %}
If you want to test service provider-initiated SSO in Microsoft Entra, set the **Sign On URL** to '<https://logilica.io/login>'. This is an optional field.
{% endhint %}

3. **Fill in the Entry URL and Certificate fields**\
   The **Entry URL** and **Certificate** field can be obtained from the Application's **SAML Certificates > Federation Metadata XML** document. The **Entry URL** should be in the format:\
   `https://login.microsoftonline.com/<tenant-id>/saml2`

<figure><img src="https://3637178088-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvMP8keAdyp2axoLILtL5%2Fuploads%2Fgit-blob-e3b3953aa2aeb0e4a33b062d5b0fcb1566a6ee2c%2Fimage.png?alt=media" alt="" width="470"><figcaption><p><em>Microsoft Entra</em> <em>SAML 2.0 Identity Provider Metadata</em></p></figcaption></figure>

<figure><img src="https://3637178088-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvMP8keAdyp2axoLILtL5%2Fuploads%2Fgit-blob-8800d7ae861d3e5d64ce8e70f4d0ca416676cf96%2Fimage.png?alt=media" alt="" width="563"><figcaption><p><em>Logilica Organisation Single Sign On settings</em></p></figcaption></figure>

Please ensure you have at least one active user in the Application with a verified email.

With this, Microsoft Entra's SAML SSO has been set up with Logilica. For further details on logging in with SSO, please navigate to the [**SSO Integration** ](https://docs.logilica.com/sso-integration)page.