# Use Microsoft Entra ID as your Identity Provider

## Overview

After enabling Onum as a service provider, you can set up Microsoft Entra ID as an identity provider for SAML. You need to create a SAML app in your Entra Admin Center to register your **Callback URL** so that Microsoft Entra ID can send SAML responses to the correct location.

## Set up your custom Microsoft Entra ID app

{% hint style="warning" %}
To activate Microsoft Entra ID as an identity provider for SAML authorization, you need a Microsoft Entra ID administrator account.
{% endhint %}

{% stepper %}
{% step %}
Log in to your Entra Admin Center. In the left menu, select **Applications > Enterprise applications** > **New application > Create your own application**.
{% endstep %}

{% step %}
Enter a name for the app (e.g., *MyApp SAML SSO*). Then, select **Integrate any other application you don’t find in the gallery (Non-gallery)**. Click **Create**.
{% endstep %}

{% step %}
In your new application’s overview, go to **Single sign-on**. Choose **SAML** as the SSO method.
{% endstep %}

{% step %}
Now you’ll see a 4-step wizard. First, you must enter these details from Onum:

{% hint style="warning" %}
Onum will not show the required **Callback URL** until you enter the identity provider details, so we will enter a placeholder URL here.
{% endhint %}

<table><thead><tr><th width="170.08984375">Parameter</th><th>Description</th><th data-hidden></th></tr></thead><tbody><tr><td><strong>Identifier (Entity ID) / Reply URL (ACS URL)</strong></td><td>Enter a temporary URL in these fields (e.g., <code>https://placeholder.example.com/saml/acs</code>). You can copy the <strong>Callback URL</strong> if you already know it, or just use a dummy placeholder. We'll edit these fields later with the real value.</td><td></td></tr><tr><td><strong>Sign-on URL</strong></td><td>You can leave this blank.</td><td></td></tr></tbody></table>

Click **Save** when you're done.
{% endstep %}

{% step %}
In the next step, you must define the **User Attributes & Claims**. By default, **NameID** is the user’s `user.userprincipalname` (often the email).
{% endstep %}

{% step %}
You'll get the IdP metadata.

Now access Onum and go to the **Authentication** area in your Admin menu. Once there, click the **Configure Single-Sign-On** button and select **SAML** in the **Authentication method** field. Enter the following in the fields that appear:

<table><thead><tr><th width="169.69140625">Parameter</th><th>Description</th><th data-hidden></th></tr></thead><tbody><tr><td><strong>IdP Entity ID</strong></td><td>Enter the <strong>Azure AD Identifier</strong> from Microsoft Entra ID.</td><td></td></tr><tr><td><strong>Single Sign-On URL</strong></td><td>Enter the <strong>Login URL</strong> from Microsoft Entra ID.</td><td></td></tr><tr><td><strong>Certificates</strong></td><td>Paste the <strong>Certificate (Base64)</strong> from Microsoft Entra ID.</td><td></td></tr></tbody></table>

Now click **Save**. You'll be given a **Callback URL**.
{% endstep %}

{% step %}
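Go back to Microsoft Entra ID and paste the **Callback URL** into your app’s SAML configuration, replacing the placeholder you entered earlier in the **Identifier (Entity ID)** and **Reply URL (ACS URL)** fields.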
{% endstep %}

{% step %}
Next, access **Users and groups > Add user/group** and assign the app to the required users/groups.
{% endstep %}
{% endstepper %}

Done! Microsoft Entra ID is now your identity provider for Onum.
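
To avoid copy errors when filling in the Onum SAML form, the three values can be read from the IdP metadata document and the certificate checked by fingerprint. This is an added example, not part of Onum's or Microsoft's documentation; it assumes you have downloaded the app's SAML federation metadata XML from Entra ID, and the helper names, tenant ID and sample document are constructed for illustration.

```python
# Added example: helper names are illustrative, not an Onum or Microsoft API.
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def cert_sha256(cert_text):
    """SHA-256 fingerprint of a certificate given as PEM or bare Base64."""
    lines = (ln.strip() for ln in cert_text.splitlines())
    body = "".join(ln for ln in lines if not ln.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def onum_fields_from_metadata(xml_text):
    """Map SAML IdP metadata onto the three fields of Onum's SAML form."""
    # Parse only metadata from your own tenant; ElementTree is not hardened.
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: not IdP metadata")
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    certs = ["".join(c.text.split())
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.findall(".//ds:X509Certificate", NS) if c.text]
    if not root.get("entityID") or not sso or not certs:
        raise ValueError("metadata lacks entityID, SSO URL or signing cert")
    if not sso[0] or not sso[0].startswith("https://"):
        raise ValueError("Single Sign-On URL must use https")
    return {"IdP Entity ID": root.get("entityID"),
            "Single Sign-On URL": sso[0],
            "Certificates": certs}

# Constructed sample: all-zero tenant ID and bytes that are not a real cert.
TENANT = "00000000-0000-0000-0000-000000000000"
FAKE_CERT = base64.b64encode(b"constructed bytes, not a certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" xmlns:ds="{NS['ds']}"
  entityID="https://sts.windows.net/{TENANT}/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{FAKE_CERT}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="{REDIRECT}"
    Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""
```

Run `cert_sha256()` on both the downloaded **Certificate (Base64)** file and the certificate returned from the metadata; the two fingerprints should match before you paste the certificate into Onum.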

