1. Sign in to your [Azure account](https://portal.azure.com/#allservices) and navigate to `Azure Active Directory` under `Azure Services`.
2. Access `Manage Tenants` from the navigation bar, select your directory, and click `Switch`.
3. On your directory's homepage, click `+ Add` > `Enterprise Application` from the navigation bar.
4. On the `Browse AD Azure Gallery` page, select `Create your own application` from the navigation bar.
a. Provide your application's name.
a. Provide your application's name.
b. Choose `Integrate any other application you don't find in the gallery (Non-gallery)` from the `What are you looking to do with your application?` options.
b. Choose `Integrate any other application you don't find in the gallery (Non-gallery)` from the `What are you looking to do with your application?` options.
c. `Create`
c. `Create`
7. In your Application's Overview page, navigate to `Set up single sign-on` > `SAML`
5. In your Application's Overview page, navigate to `Set up single sign-on` > `SAML`
8. In the SAML-based Sign-on page, go to the `Basic SAML Configuration` section under `Set up Single Sign-On with SAML` and click `Edit`
6. In the SAML-based Sign-on page, go to the `Basic SAML Configuration` section under `Set up Single Sign-On with SAML` and click `Edit`
a. Add the `Audience URI` under `Identifier (Entity ID)`.
a. Add the `Audience URI` under `Identifier (Entity ID)`.
b. Add the `Redirect URL` under `Replay URL (Assertion Consumer Service URL)`.
b. Add the `Redirect URL` under `Replay URL (Assertion Consumer Service URL)`.
c. `Save`
c. `Save`
9. In the `Attributes & Claims` section, click `Edit`
7. In the `Attributes & Claims` section, click `Edit`
a. Edit the Unique User Identifier (Name ID) claim:
a. Edit the Unique User Identifier (Name ID) claim:
- Select `Email address` from the `Name identifier format` dropdown
- Select `Email address` from the `Name identifier format` dropdown
- Choose `Attribute` as the `Source`
- Choose `Attribute` as the `Source`
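Review bot: Step 6b still labels the field `Replay URL (Assertion Consumer Service URL)`, while the Azure portal names it `Reply URL (Assertion Consumer Service URL)`. Since these lines are already being rewritten for the renumbering, correct the label in the same change. This is the endpoint the signed assertion is posted to, so readers need to find the right field and enter the NocoDB `Redirect URL` there exactly.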
@ -35,17 +42,23 @@ This article briefs about the steps to configure Active Directory as Identity se
- Click Add new claim, provide details, and save.
- Click Add new claim, provide details, and save.
- Ensure the claim is visible in the Additional claims section.
- Ensure the claim is visible in the Additional claims section.
- Copy the claim name for later use in NocoDB SAML configurations.
- Copy the claim name for later use in NocoDB SAML configurations.
10. Go to the `SAML Certificates` section and copy the `App Federation Metadata URL`
8. Go to the `SAML Certificates` section and copy the `App Federation Metadata URL`
11. on the Application's Overview page,
9. on the Application's Overview page,
- Click `Assign users and groups`,
- Click `Assign users and groups`,
- Add the necessary users or groups to the application.
- Add the necessary users or groups to the application.
12. Configure `Metadata URL` in NocoDB
- Go to `Account Settings` > `Authentication` > `SAML`
- Insert `Metadata URL` retrieved in step (10) above as `App Federation Metadata URL`; alternatively you can configure XML directly as well
### NocoDB, Configure Azure AD as an Identity Provider
- `Save`
1. Go to `Account Settings` > `Authentication` > `SAML`
2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well
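Review bot: Step 2 of the new `NocoDB, Configure Azure AD as an Identity Provider` section says `retrieved in step above`, which is ambiguous now that the instruction sits under its own heading; the line it replaces named both the step number and the `App Federation Metadata URL`. Suggest pointing at the renumbered step explicitly, for example "Insert the `App Federation Metadata URL` copied in step 8 above as the `Metadata URL`". The renumbered step 9 also still starts with a lowercase "on", and the visible lines of the new section do not show a numbered `Save` step after step 2, so confirm it was carried over from the old step 12.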