# SAML Authentication - How To's

## How to configure SAML authentication settings in Central Server for Azure SSO?

- [In Central Server](https://www.manageengine.com/products/desktop-central/configuring-saml-authentication-settings-for-azure.html#a)
- [In Central Server Cloud](https://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/saml-authentication-with-sso-cloud.html)

## In Central Server

## Description

This document will walk you through the steps required to configure SAML Authentication settings in Central Server for Azure.

**Note**: If the FQDN in the ACS URL is different from the one mentioned in the **NAT Settings**, then go to `<Installation_directory>/Desktop Central server/conf/websettings.conf` and, in a new line, type **saml.fqdn.name=FQDN_Name**. Here, **FQDN_Name** represents your FQDN name.  
For example: `saml.fqdn.name=dc.com`. Here, **dc.com** is the FQDN name. After saving the **websettings.conf** file, restart the **Central Server** server and reconfigure the **SAML Authentication** settings.

## Installation Steps

1. Login to your Azure account using **https://portal.azure.com** and enter your email address. After that, click **Next**.

   [![Login to your Azure account](https://www.manageengine.com/products/desktop-central/images/saml-azure-01.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-01.png)

2. Enter the **password** and click **Sign in.**

   [![enter your Azure account password](https://www.manageengine.com/products/desktop-central/images/saml-azure-02.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-02.png)

3. Select **Enterprise applications**.

   [![Select Enterprise Application](https://www.manageengine.com/products/desktop-central/images/saml-azure-04.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-04.png)

4. Select **New application**.

   [![Select New Application](https://www.manageengine.com/products/desktop-central/images/saml-azure-05.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-05.png)

5. On the left hand side, select **+ Create your own application**.

   [![Azure Create your own application](https://www.manageengine.com/products/desktop-central/images/saml-azure-crtapp.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-crtapp.png)

6. Select **Non-gallery application** on the right hand side.

   [![Azure select Non-gallery application](https://www.manageengine.com/products/desktop-central/images/saml-azure-06.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-06.png)

7. Provide an appropriate app name and click **Create**.

   [![Azure Provide an appropriate app name and click](https://www.manageengine.com/products/desktop-central/images/saml-azure-07.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-07.png)

8. On the left hand side menu, click **Single sign-on**.

   [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-08.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-08.png)

9. Select **SAML**.

   [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-09.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-09.png)

10. In **Basic SAML Configuration**, select the edit option (the pencil icon).

    [![Azure select edit option (the pencil icon)](https://www.manageengine.com/products/desktop-central/images/saml-azure-10.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-10.png)

11. In this window, the **Entity ID**, **Assertion Consumer Service URL**, and the **Sign on URL** have to be specified.

    [![Azure Assertion Consumer Service URL, Sign on URL](https://www.manageengine.com/products/desktop-central/images/saml-azure-11.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-11.png)

12. Login to your **Central Server** console, switch to the **Admin** tab, and select **SAML Authentication**.

    [![Login to your central server console, switch to the Admin tab](https://www.manageengine.com/products/desktop-central/images/saml-azure-12.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-12.png)

13. Choose **Certificate** next to **Configuration by downloading**. Copy the **Entity ID** and **Assertion Consumer URL**.

    [![Azure Choose Certificate next to Configuration by downloading.](https://www.manageengine.com/products/desktop-central/images/saml-azure-13.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-13.png)

14. Paste the **Entity ID** next to **Identifier**, and the **Assertion Consumer URL** next to **Reply URL** in the **Microsoft Azure** portal.

    [![Azure Paste the Entity ID next to Identifier, and the Assertion Consumer URL](https://www.manageengine.com/products/desktop-central/images/saml-azure-14.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-14.png)

15. Now, copy the **Assertion Consumer URL** and paste it next to **Sign on URL**. Here, change the URL from **Response** to **Request** and click **Save**.

    [![Azure copy the Assertion Consumer URL and paste it next to Sign on URL](https://www.manageengine.com/products/desktop-central/images/saml-azure-15.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-15.png)

16. In **User Attributes & Claims**, select the edit option (the pencil icon).

    [![Azure User Attributes & Claims](https://www.manageengine.com/products/desktop-central/images/saml-azure-16.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-16.png)

17. Click **user.userprincialname [nameid-f...**.

    [![Click user.userprincialname [nameid-f....](https://www.manageengine.com/products/desktop-central/images/saml-azure-17.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-17.png)

18. Click **user.userprincipalname**.

    [![Azure click user.userprincipalname](https://www.manageengine.com/products/desktop-central/images/saml-azure-18.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-18.png)

19. In the drop-down list, select **user.mail**.

    [![Azure In the drop-down list, select user.mail.](https://www.manageengine.com/products/desktop-central/images/saml-azure-19.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-19.png)

20. Click **Save**.

    [![Azure click save](https://www.manageengine.com/products/desktop-central/images/saml-azure-20.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-20.png)

21. In **SAML Signing Certificate**, download **Federation Metadata XML**.

    [![Azure download Federation Metadata XML.](https://www.manageengine.com/products/desktop-central/images/saml-azure-21.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-21.png)

22. On the left hand side menu, click **Users and groups**. Select **Add user**.

    [![Azure click Users and groups. Select Add user.](https://www.manageengine.com/products/desktop-central/images/saml-azure-22.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-22.png)

23. Click **None Selected**.

    [![Azure click None Selected](https://www.manageengine.com/products/desktop-central/images/saml-azure-23.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-23.png)

24. From the right hand side, select the users and click **Select**.

    [![Azure Select User](https://www.manageengine.com/products/desktop-central/images/saml-azure-24.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-24.png)

25. Click **Assign**.

    [![Azure click Assign](https://www.manageengine.com/products/desktop-central/images/saml-azure-25.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-25.png)

26. In the Central Server web console, under **Identity Provider Details**, choose **Others** as **IdP**. Provide a suitable name for the **IdP**, and choose **E-mail ID** as **Name ID**. Next, select **Metadata** and upload the downloaded metadata file in step 21. Click **Save**.

    [![SAML Authentication central server identiy provider details](https://www.manageengine.com/products/desktop-central/images/saml-azure-26.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-26.png)

27. **SAML Authentication** is now enabled in **Central Server**.

    [![SAML Authentication Detail page in central server](https://www.manageengine.com/products/desktop-central/images/saml-azure-27.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-27.png)

28. Login to **Central Server** using your Azure account.

    [![Central server Login page](https://www.manageengine.com/products/desktop-central/images/saml-azure-28.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-28.png)

You have successfully configured the SAML Authentication Settings.