# Azure AD Configuration ## Steps to follow * [Create a new Enterprise Application](#create-a-new-enterprise-application) * [Set up Single Sign-On](#set-up-single-sign-on) * Option 1: Upload metadata XML file * Option 2: Enter metadata manually * [Configure Attributes & Claims](#configure-attributes-and-claims) * [Enter Azure's metadata into Sleuth](#enter-azures-metadata-into-sleuth) * Option 1: Link to metadata file * Option 2: Input metadata manually * [Assign Users/Groups to the Enterprise Application](#assign-users-groups-to-the-enterprise-application) ## Create a new Enterprise Application Sign into Azure as an administrator and click on the "**Azure Active Directory**" tile. ![](/files/E33aubdZlebQgIapXW8n) In the left-hand menu click on "**Enterprise Applications**" and then click "**New application**". On the next page click "**Create your own application**". Name your application (*e.g., Sleuth*), select the "**Integrate any other application you don't find in the gallery (Non-gallery)**" option, and click "**Create**":
## Set up Single Sign-On Once the application is created, you'll be taken to its homepage. Click the "**2. Set up single sign on**" tile (*alternatively, you can click the "**Single sign-on**" link in the left-hand navigation*):
When prompted, select "**SAML**" as the **single sign-on method**, then proceed with one of the 2 options explained below: {% tabs %} {% tab title="Option 1: Upload metadata XML file" %} Click the "**Upload metadata file**" button to trigger the file import modal, **select the file** to upload, and click "**Add**":
Once the file is uploaded, you'll see a preview of the imported metadata. If needed/desired, you can still make changes, although it generally shouldn't be necessary. One **optional field** that doesn't get populated automatically is "**Relay State**"; you can specify it manually by inputting your **Sleuth org slug** (*find it in your URL -> `https://app.sleuth.io/`**``***) and clicking "**Save**" at the top:
{% endtab %} {% tab title="Option 2: Enter metadata manually" %} On the "**Basic SAML Configuration**" tile click "**Edit**":
**Fill in the necessary metadata** (*found in Sleuth*), using the following reference, and click "**Save**":
AZURE ADSLEUTHEXAMPLE
Identifier (Entity ID)SAML Entity IDhttps://app.sleuth.io/saml/metadata/
Reply URL (Assertion Consumer Service URL)Assertion Consumer Servicehttps://app.sleuth.io/complete/saml/
Relay State (Optional)Default Relay Statesleuth
(should be your org slug)
Logout Url (Optional)Single Logout Servicehttps://app.sleuth.io/saml/sls/
{% endtab %} {% endtabs %} ### Configure Attributes & Claims Leave the **Attributes & Claims** section configured as it is, the settings should look like this:
{% hint style="danger" %} Keeping the **Unique User Identifier** claim set to `user.userprincipalname` is a **prerequisite** for your SAML configuration to work with Sleuth. {% endhint %} ## Enter Azure's metadata into Sleuth Similarly as before, you can again choose between **pointing Sleuth to a URL** where the IdP's metadata is now available, or **entering the metadata into Sleuth manually**. {% tabs %} {% tab title="Option 1: Link to metadata file" %} In Azure on the "**SAML Certificates**" tile under your Enterprise Application, **copy the value** of the "**App Federation Metadata Url**" field:
In Sleuth, click the "**point Sleuth to metadata file URL**" link to trigger the input modal and **paste the copied URL** into the field, then click "**Save**":
The remaining fields in Sleuth will get **populated automatically**, just click "**Test Metadata and Save**":
{% hint style="info" %} Sleuth defaults all of the Advanced configuration to the most commonly used values, but depending on your IdP configuration you might need to adjust "**Advanced settings**". {% endhint %} ### Assign Users/Groups to the Enterprise Application On the Application's homepage click the "**1. Assign users and groups**" tile (*alternatively, you can click the "**Users and groups**" link in the left-hand navigation*):
Click the "**+Add user/group**" button and **assign Users/Groups** as needed:
{% endtab %} {% tab title="Option 2: Input metadata manually" %} **Fill in the necessary metadata** (*found in Azure AD*), using the following reference, and click "**Test Metadata and Save**":
SLEUTHAZURE ADEXAMPLE
Entity IDAzure AD Identifierhttps://sts.windows.net/<...>
SSO URLLogin URLhttps://login.microsoftonline.com/<...>
SLO URLLogout URLhttps://login.microsoftonline.com/<...>
CertificateOn the "SAML Certificates" tile click "Edit", then click the 3 ellipses at the right end of the Active certificate and select "PEM certificate download".-----BEGIN CERTIFICATE-----
<...>
-----END CERTIFICATE-----

Open the downloaded file with a text-/code editor and copy the contents to be pasted into the "Certificate" field in Sleuth.

{% endtab %} {% endtabs %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.sleuth.io/sleuth-dora/settings/organization/signup/saml/azure-ad-configuration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.