# Azure Active Directory

## Prerequisites

Please have the **entity ID** (usually `appetizeio-saml`) and the **Assertion Consumer Service URL** (looks like `https://appetize.io/sso/example/cb`) you received from Appetize support.

## Azure Active Directory Setup

In Azure Active Directory, go to Enterprise Applications. Create a new application. Choose a name for it (e.g. Appetize) and select "Integrate any other application you don't find in the gallery (Non-gallery).

<figure><img src="https://2147444700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJUveBCJfn0GR8-hlqi%2Fuploads%2FPlNgGoM6exCA0s2GzoXj%2Fazure-1-enterprise-apps.png?alt=media&#x26;token=627ee852-0fad-4681-a4f4-cdb7ca6ef7fb" alt="List of enterprise apps. Click &#x22;New Application&#x22;"><figcaption><p>List of enterprise apps. Click "New Application"</p></figcaption></figure>

<figure><img src="https://2147444700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJUveBCJfn0GR8-hlqi%2Fuploads%2FwTXdawRnhidqUWrIiRdU%2Fazure-2-create-app.png?alt=media&#x26;token=48a14ca0-e34e-4d06-a330-3db65a29942d" alt=""><figcaption><p>Choose a name, e.g. "Appetize" and choose Non-gallery</p></figcaption></figure>

With the App created, click on "App roles". Create a role named "Appetize Admin" with value `appetize_admin`, and another role named "Appetize Developer" with value `appetize_developer`.

<figure><img src="https://2147444700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJUveBCJfn0GR8-hlqi%2Fuploads%2FlR6BC5lk8T8DynJp5dn1%2Fazure-3-create-app-role.png?alt=media&#x26;token=0c9ab2e3-5908-4188-8115-7402d2ebdebb" alt=""><figcaption><p>Creating the appetize<em>admin app role. Repeat for appetize_developer.</em></p></figcaption></figure>

<figure><img src="https://2147444700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJUveBCJfn0GR8-hlqi%2Fuploads%2FsQYM80SzCLsG2QX2FOkF%2Fazure-4-app-roles.png?alt=media&#x26;token=7c5150f2-fbb0-4595-bdde-e8a65e2f8e6d" alt=""><figcaption><p>Your app roles should look like this</p></figcaption></figure>

Return to "Enterprise Applications" and choose "Appetize". Click "Users and groups" to authorize logging in. Click "Add user/group" and choose from your organization's existing users or groups. Select a role (Appetize Admin, Developer, or User) as appropriate. Save the assignment.

<figure><img src="https://2147444700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJUveBCJfn0GR8-hlqi%2Fuploads%2F86VSTiWsVGX7R64KT72a%2Fazure-5-users-groups.png?alt=media&#x26;token=8e9e5ab4-a50c-4db7-9960-80e3521912af" alt=""><figcaption><p>Go to Users and Groups for the Appetize application</p></figcaption></figure>

<figure><img src="https://2147444700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJUveBCJfn0GR8-hlqi%2Fuploads%2Fv5BNJfZYxLnpiheh3q7P%2Fazure-6-assign-user.png?alt=media&#x26;token=e72a53cf-7544-4bb8-8127-d4b60dc39e55" alt=""><figcaption><p>Choose users and/or groups and assign them to the Admin, Developer, or User role</p></figcaption></figure>

Click "Single sign-on" and click "SAML". Enter the entity ID and Assertion Consumer Service URL provided by Appetize support.

<figure><img src="https://2147444700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJUveBCJfn0GR8-hlqi%2Fuploads%2FXT5IgwGB5v6LS0c1689b%2Fazure-7-sso.png?alt=media&#x26;token=70b590d8-3c01-4676-abd7-3165d2316f5e" alt=""><figcaption><p>Click SAML</p></figcaption></figure>

<figure><img src="https://2147444700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJUveBCJfn0GR8-hlqi%2Fuploads%2F3ghCdsEeVe7r99rDCDLL%2Fazure-8-saml-start.png?alt=media&#x26;token=db677632-013a-49c3-bf20-88f1b8065e5a" alt=""><figcaption><p>Enter values provided by Appetize support</p></figcaption></figure>

On the next page, click the edit button next to "Attributes & Claims". Click "Add a new claim". Name: groups, Source: attribute, Source attribute: user.assignedroles. Save the claim.

<figure><img src="https://2147444700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJUveBCJfn0GR8-hlqi%2Fuploads%2FVqXp4Iz08IqCd5K78IlR%2Fazure-9-saml-page.png?alt=media&#x26;token=adccfa46-d5b7-44c0-ad3e-90aaecaff021" alt=""><figcaption><p>Click Edit button next to Attributes &#x26; Claims</p></figcaption></figure>

<figure><img src="https://2147444700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJUveBCJfn0GR8-hlqi%2Fuploads%2FKn9Qqx6vRGQ4msXVVrtK%2Fazure-11-claims.png?alt=media&#x26;token=3c298947-d0ab-43e1-8c9b-b850a49d3cdc" alt=""><figcaption><p>Click "Add new claim"</p></figcaption></figure>

<figure><img src="https://2147444700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJUveBCJfn0GR8-hlqi%2Fuploads%2FkWkCf7oFdmKQXmTwus4A%2Fazure-12-new-claim.png?alt=media&#x26;token=4053cb1b-d3a6-478e-a25d-fc2c7df160a7" alt=""><figcaption><p>Name: groups. Source attribute: user.assignedroles</p></figcaption></figure>

Return the SAML page and download the **"Federation Metadata XML" file**. Send this file to Appetize support. Alternative, you may send the **Certificate (Base64)** and the **Login URL**.

<figure><img src="https://2147444700-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJUveBCJfn0GR8-hlqi%2Fuploads%2FWg21pZ75tVM5tgCShccW%2Fazure-13-saml-certificate.png?alt=media&#x26;token=b93269a3-1304-4290-9a17-fc8fc326d272" alt=""><figcaption><p>Download the Federation Metadata XML and send to Appetize support</p></figcaption></figure>

Appetize will provision SSO for your account after receiving the information. If necessary, we may also schedule a call to test the integration.