# Configuring SAML-based SSO with Microsoft Azure in Analytics Plus

Analytics Plus supports SAML-based Single Sign-On (SSO) configuration with Microsoft Azure, enabling users to authenticate using their Azure (Microsoft Entra ID) credentials. This setup streamlines user access and strengthens security through centralized identity management.

**Note:** To perform this configuration, users must have permission to create applications in Microsoft Azure.

## Azure Identity Provider (IdP) Parameters

The following IdP-specific parameters from Azure are required to configure SAML authentication in Analytics Plus:

- X.509 Certificate (Base64)
- Login URL
- Logout URL (Optional)

This section explains how to configure SAML-based SSO with Microsoft Azure in Analytics Plus.

- Create an Enterprise Application in Azure
- Configure SAML-based SSO
- Configure Azure SAML Details in Analytics Plus
- Complete SAML Setup in Azure
- Assign Users to the Application
- Verify SSO Integration

## Create an Enterprise Application in Azure

Follow the steps below to start the configuration in Azure:

1. Sign in to the [Microsoft Azure Portal](https://portal.azure.com/).
2. Navigate to **Microsoft Entra ID** >> **Manage** >> **Enterprise Applications**.

![Microsoft Entra ID](https://cdn.manageengine.com/sites/meweb/images/analytics-plus/entraid.png)

![Enterprise Applications](https://cdn.manageengine.com/sites/meweb/images/analytics-plus/entra2.png)

3. In the dialog box that appears, click **+ New application** and select **Create your own application**.

![New Application](https://cdn.manageengine.com/sites/meweb/images/analytics-plus/newappln.png)

![Create Your Own Application](https://cdn.manageengine.com/sites/meweb/images/analytics-plus/createown.png)

4. Provide a name (for example, **Analytics Plus**) and choose **Integrate any other application you don't find in the gallery (Non-gallery)**.

![Non-gallery Application](https://cdn.manageengine.com/sites/meweb/images/analytics-plus/4thopint.png)

5. Click **Create**.

## Configure SAML-based SSO

1. Open the newly created application and navigate to **Single sign-on** > **SAML**.

![SAML Configuration](https://cdn.manageengine.com/sites/meweb/images/analytics-plus/saml.png)

2. Scroll down to the **Set up Analytics** section, copy the **Login URL** and **Logout URL**, and enter them in the Analytics Plus application.

![Set up Analytics](https://cdn.manageengine.com/sites/meweb/images/analytics-plus/setupanalytics.png)

## Configure Azure SAML Details in Analytics Plus

1. Log in to the Analytics Plus application and navigate to **Settings** >> **User Management** >> **Third-party SSO**. Configure the **Login URL**, **Logout URL**, and upload the [sample certificate](https://workdrive.zohoexternal.com/external/f083cc8aeaf0f916120390e115b168c69f9eca897230f7dea478e0148864a647).
2. After configuring third-party SSO, download the **metadata.xml** file from the Analytics Plus application.
3. Open the downloaded file and copy the **Entity ID** and the **SSO/Assertion Consumer Service (ACS) URL**.

![Entity ID and ACS URL](https://cdn.manageengine.com/sites/meweb/images/analytics-plus/entity.png)

## Complete SAML Setup in Azure

1. In Microsoft Azure, select **Set up Single Sign-On**. In the **Basic SAML Configuration** section, click **Edit**.
2. Enter the copied **Entity ID** in the **Identifier** field and the copied **ACS URL/SSO URL** in the **Reply URL** field, then click the **Save** icon.

![Basic SAML Configuration](https://cdn.manageengine.com/sites/meweb/images/analytics-plus/basicsaml.png)

3. Scroll down to the certificate section and download the certificate in **Base64** format.

![Download Base64 Certificate](https://cdn.manageengine.com/sites/meweb/images/analytics-plus/base64.png)

## Verify SSO Integration

1. Return to the **SAML Authentication** page in Analytics Plus.
2. Click the **Edit** icon and upload the downloaded certificate in the **Public Key** field.

![Upload Certificate](https://cdn.manageengine.com/sites/meweb/images/analytics-plus/editicom.png)

3. Ensure the certificate is in one of the following formats: **.cer**, **.crt**, **.cert**, or **.pem** (Base64 encoded).

![Supported Certificate Formats](https://cdn.manageengine.com/sites/meweb/images/analytics-plus/lastimage.png)

4. Click **Save**.

Once the above steps are completed, SAML will be successfully configured, and you can proceed to enable SSO with Azure.

**Note:** You can follow the instructions in the following article to assign users to the application.

[Assign a user account to an enterprise application](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal-assign-users#assign-a-user-account-to-an-enterprise-application)