--- title: 'Azure AD (Entra)' description: 'Learn how to configure Active Directory as an identity provider for NocoDB.' tags: ['SSO', 'Active Directory', 'SAML'] keywords: ['SSO', 'Active Directory', 'SAML', 'Authentication', 'Identity Provider'] --- :::warning SSO is available under private beta for self hosted enterprise customers. Please reach [**out to us**](https://calendly.com/nocodb) for early access. ::: This article briefs about the steps to configure Active Directory as Identity service provider for NocoDB ### NocoDB, Retrieve `SAML SSO` Configuration details 1. Go to `Account Settings` 2. Select `Authentication (SSO)` 3. Click on `New Provider` button 4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page 5. Retrieve `Redirect URL` & `Audience / Entity ID`; these information will be required to be configured later with the Identity Provider ![SAML SSO Configuration](/img/v2/account-settings/SSO-1.png) ![SAML SSO Configuration](/img/v2/account-settings/SAML-2.png) ![SAML SSO Configuration](/img/v2/account-settings/SAML-3.png) ### Azure AD, Configure NocoDB as an Application 1. Sign in to your [Azure account](https://portal.azure.com/#allservices) and navigate to `Microsoft Entra admin center` > `Identity` > `Enterprise applications` 2. Click `+ New application` 3. On the `Browse Microsoft Entra Gallery` page, select `Create your own application` from the navigation bar. a. Provide your application's name. b. Choose `Integrate any other application you don't find in the gallery (Non-gallery)` c. `Create` 4. On your application page, navigate to `Manage` > `Single sign-on` > `SAML` 5. Go to the `Basic SAML Configuration` section under `Set up Single Sign-On with SAML` and click `Edit` a. Add the `Audience URI` under `Identifier (Entity ID)`. b. Add the `Redirect URL` under `Replay URL (Assertion Consumer Service URL)`. c. Click `Save` 6. In the `Attributes & Claims` section, click `Edit` a. Edit the "Unique User Identifier (Name ID)" claim: - Select `Email address` from the `Name identifier format` dropdown - Choose `Attribute` as the `Source` - In the `Source attribute`, select `user.mail` - Click `Save` [//]: # ( b. (Optional) For custom claims:) [//]: # ( - Click Add new claim, provide details, and save.) [//]: # ( - Ensure the claim is visible in the Additional claims section.) [//]: # ( - Copy the claim name for later use in NocoDB SAML configurations.) 7. Go to the `SAML Certificates` section and copy the `App Federation Metadata URL` 8. on the Application's Overview page, - Click `Users and groups`, - Add the necessary users or groups to the application. ### NocoDB, Configure Azure AD as an Identity Provider 1. Go to `Account Settings` > `Authentication` > `SAML` 2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well 3. `Save` ![SAML SSO Configuration](/img/v2/account-settings/SAML-4.png) For Sign-in's, user should be able to now see `Sign in with ` option. ![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png) :::note Post sign-out, refresh page (for the first time) if you do not see `Sign in with ` option :::