# Azure AD SAML

### Prerequisites

* An Azure account with an active subscription.
* Administrator rights on Azure AD.
* A UI Bakery application up and running.

***

### Create an Azure AD Application for SAML

1. Click on **Microsoft Entra ID** from the sidebar.
2. Under *Manage*, click on **Enterprise applications**.
3. Click **New application**.
4. In the *Add from the gallery* section, search for **Microsoft Entra SAML Toolkit**.

***

### Configure SAML in Azure

1. After the application is added, click on `Single sign-on` from the left sidebar.
2. Choose the `SAML` option.
3. A section named `Basic SAML Configuration` will appear. This typically includes:

   * **Identifier (Entity ID).** May be any unique string.
   * **Reply URL (Assertion Consumer Service URL).** Should lead to your UI Bakery instance: `https://your_site/api/auth/login/saml`.
   * **Sign-on URL.** You can provide whatever you want here.

   <figure><img src="https://837703843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUX6zPRMFFK0yrTghj7cY%2Fuploads%2Fgit-blob-823ba35f175a93d6f8ccc61ceac1766dd08146f1%2Fimage%20(135).png?alt=media" alt=""><figcaption></figcaption></figure>

***

### Integrate Azure AD with UI Bakery

#### Step 1: Set environment variables

You can find the value for `UI_BAKERY_SAML_ENTITY_ID` in the **Basic SAML Configuration** section and the value for `UI_BAKERY_SAML_METADATA_URL` in the **SAML Signing Certificate** section of the Azure portal.

Ensure that `UI_BAKERY_SAML_METADATA_URL` contains the `appid` query parameter. Its value is shown on the Azure application's **Overview** page.

```bash
UI_BAKERY_SAML_ENABLED=true
UI_BAKERY_SAML_METADATA_URL=https://login.microsoftonline.com/<tenant-id>/federationmetadata/2007-06/federationmetadata.xml?appid=<app-id>
UI_BAKERY_SAML_ENTITY_ID=<your-entity-id>
UI_BAKERY_BRANDING_AUTH_SSO_BTN_TEXT=Login with Microsoft
UI_BAKERY_GLOBAL_SESSION_COOKIE=true
```
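
A pre-flight check for the values above, as an added example (not UI Bakery's own tooling): it flags unreplaced placeholders, a metadata URL that is not https on the Microsoft login host, and a missing `appid`. The function names, the GUID check on `appid` and the sample file are assumptions made for this example; the host check follows the URL template above.

```shell
#!/bin/sh
# Added example (not UI Bakery code): pre-flight check of the Step 1 variables.

# Print the value of KEY ($2) from env file $1; the last assignment wins.
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }
fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# check_saml_env FILE: prints each problem, returns 0 only when there are none.
check_saml_env() {
    problems=0
    url=$(env_get "$1" UI_BAKERY_SAML_METADATA_URL)
    entity=$(env_get "$1" UI_BAKERY_SAML_ENTITY_ID)
    [ "$(env_get "$1" UI_BAKERY_SAML_ENABLED)" = "true" ] ||
        fail "UI_BAKERY_SAML_ENABLED is not 'true'"

    # Federation metadata carries the IdP's signing certificates, so insist on
    # https, the Microsoft login host and the federation metadata path.
    case $url in
        *"<"*|*">"*) fail "metadata URL still contains a <placeholder>" ;;
        https://login.microsoftonline.com/?*/federationmetadata/2007-06/federationmetadata.xml\?*) ;;
        *) fail "metadata URL is not an https login.microsoftonline.com federation metadata URL" ;;
    esac

    # Extract appid from the query string (empty when there is no query).
    query=${url#*\?}
    [ "$query" != "$url" ] || query=""
    appid=$(printf '%s\n' "$query" | tr '&' '\n' | sed -n 's/^appid=//p' | head -n 1)
    # Assumption: the Application ID shown on the Overview page is a GUID.
    printf '%s\n' "$appid" | grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$' ||
        fail "appid query parameter is missing or not a GUID: '$appid'"

    # An empty value or a leftover <placeholder> cannot match Azure's Identifier.
    case $entity in
        ""|*"<"*|*">"*) fail "UI_BAKERY_SAML_ENTITY_ID is empty or still a placeholder" ;;
    esac
    [ "$problems" -eq 0 ]
}

# Constructed sample: the template with its placeholders left unreplaced.
sample=$(mktemp)
cat > "$sample" <<'EOF'
UI_BAKERY_SAML_ENABLED=true
UI_BAKERY_SAML_METADATA_URL=https://login.microsoftonline.com/<tenant-id>/federationmetadata/2007-06/federationmetadata.xml?appid=<app-id>
UI_BAKERY_SAML_ENTITY_ID=<your-entity-id>
EOF
check_saml_env "$sample" || echo "Fix the values above before restarting UI Bakery."
rm -f "$sample"
```
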

#### Step 2: Restart your UI Bakery instance

A Docker Compose setup can be restarted with the following command:

```bash
docker compose down && docker compose up -d
```

***

### Test the Integration

1. Attempt to log in to your UI Bakery application.
2. You should be redirected to the Azure AD login page.
3. After successful authentication, you should be redirected back to your UI Bakery application.

***

### Troubleshooting

If you encounter issues during the integration, consider the following:

1. Double-check the Entity ID and Reply URL configurations.
2. Ensure that user attributes and claims are correctly mapped.
3. Check Azure AD logs for authentication errors.
4. Invite user groups or users directly to your application.

