# How to configure SAML authentication settings in Endpoint Central MSP for Azure SSO?

## Description

This document will walk you through the steps required to configure SAML Authentication settings in Endpoint Central MSP for Azure.

**Note**: If the FQDN in the ACS URL is different from the one mentioned in the **NAT Settings**, then go to `<Installation_directory>/Endpoint Central MSP server/conf/websettings.conf` and, in a new line, type **saml.fqdn.name=<FQDN_Name>**. Here, **<FQDN_Name>** represents your FQDN name.  
For example: `saml.fqdn.name=dc.com`. Here, **dc.com** is the FQDN name. After saving the **websettings.conf** file, restart the **Endpoint Central MSP** server and reconfigure the **SAML Authentication** settings.

## Installation Steps

1. Login to your Azure account using **https://portal.azure.com** and enter your email address. After that, click **Next**.  
   [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-01.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-01.png)

2. Enter the **password** and click **Sign in**.  
   [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-02.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-02.png)

3. Expand the menu on the left hand side, and select **Azure Active Directory**.  
   [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-03.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-03.png)

4. Select **Enterprise applications**.  
   [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-04.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-04.png)

5. Select **New application**.  
   [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-05.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-05.png)

6. Select **Non-gallery application** on the right hand side.  
   [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-06.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-06.png)

7. Provide an appropriate name and click **Add**.  
   [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-07.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-07.png)

8. On the left hand side menu, click **Single sign-on**.  
   [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-08.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-08.png)

9. Select **SAML**.  
   [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-09.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-09.png)

10. In **Basic SAML Configuration**, select the edit option (the pencil icon).  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-10.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-10.png)

11. In this window, the **Entity ID**, **Assertion Consumer Service URL**, and the **Sign on URL** have to be specified.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-11.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-11.png)

12. Login to your **Endpoint Central MSP** console, switch to the **Admin** tab, and select **SAML Authentication**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-12.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-12.png)

13. Choose **Certificate** next to **Configuration by downloading**. Copy the **Entity ID** and **Assertion Consumer URL**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-13.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-13.png)

14. Paste the **Entity ID** next to **Identifier**, and the **Assertion Consumer URL** next to **Reply URL** in the **Microsoft Azure** portal.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-14.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-14.png)

15. Copy the **Assertion Consumer URL** and paste it next to **Sign on URL**. Change the URL from **Response** to **Request** and click **Save**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-15.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-15.png)

16. In **User Attributes & Claims**, select the edit option (the pencil icon).  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-16.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-16.png)

17. Click **user.userprincialname [nameid-f...]**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-17.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-17.png)

18. Click **user.userprincipalname**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-18.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-18.png)

19. In the drop-down list, select **user.mail**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-19.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-19.png)

20. Click **Save**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-20.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-20.png)

21. In **SAML Signing Certificate**, download **Federation Metadata XML**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-21.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-21.png)

22. On the left hand side menu, click **Users and groups**. Select **Add user**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-22.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-22.png)

23. Click **None Selected**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-23.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-23.png)

24. From the right hand side, select the users and click **Select**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-24.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-24.png)

25. Click **Assign**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-25.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-25.png)

26. In the Endpoint Central MSP web console, under **Identity Provider Details**, choose **Others** as **IdP**. Provide a suitable name for the **IdP**, and choose **E-mail ID** as **Name ID**. Next, select **Metadata** and upload the downloaded metadata file in step 21. Click **Save**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-26.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-26.png)

27. **SAML Authentication** is now enabled in **Endpoint Central MSP**.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-27.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-27.png)

28. Login to **Endpoint Central MSP** using your Azure account.  
    [![SAML Authentication settings for Azure](https://www.manageengine.com/products/desktop-central/images/saml-azure-28.png)](https://www.manageengine.com/products/desktop-central/images/saml-azure-28.png)

You have successfully configured the SAML Authentication Settings.