# Webchat SSO-SAML with Azure/Entra

This topic covers SAML SSO with Azure AD/Entra ID as the identity provider. The topic that follows walks through the same procedure with Auth0.

This topic contains the following sections:

* [**Setup SAML SSO on an Azure portal application**](https://docs.aisera.com/aisera-platform/channels/aisera-webchat/webchat-sso-saml-with-azure-entra#create-saml-sso-on-app-on-azure-portal)
* [**Configure SAML SSO on the application**](https://docs.aisera.com/aisera-platform/channels/aisera-webchat/webchat-sso-saml-with-azure-entra#configure-saml-sso-app-on-azure-portal)
* [**Copy values from Azure AD/Entra ID**](https://docs.aisera.com/aisera-platform/channels/aisera-webchat/webchat-sso-saml-with-azure-entra#copy-or-download-following-values-from-a-d)
* [**Configure SSO Authentication for your Aisera Webchat Bot**](https://docs.aisera.com/aisera-platform/channels/aisera-webchat/webchat-sso-saml-with-azure-entra#configure-sso-authentication-for-webchat)

## Create a SAML SSO application in the Azure portal <a href="#create-saml-sso-on-app-on-azure-portal" id="create-saml-sso-on-app-on-azure-portal"></a>

1. Sign in to the **Azure portal** with a work or school account (or a personal Microsoft account) that is allowed to create enterprise applications in the tenant (Cloud Application Administrator or higher).
2. In the left navigation pane, select the **Microsoft Entra ID** service.
3. Go to **Enterprise applications** and then select **All applications**.
4. To add a new application, select **New application**.

<div align="left"><figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2FqcpNiGaq7015hXBc3L8y%2Fentra1.png?alt=media&#x26;token=6fec9138-eb69-4c1a-bfcd-d52c5aae6872" alt="" width="563"><figcaption></figcaption></figure></div>

5. Find and select **Microsoft Entra SAML Toolkit**.

<div align="left"><figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2F5NgPjCgVGR3qKujJSruc%2Fentra2.png?alt=media&#x26;token=45a54c5f-552b-4bff-b28c-7f966b7ad0a1" alt="" width="563"><figcaption></figcaption></figure></div>

6. Name the app and then click **Create**.

<div align="left"><figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2FB8D0q892DkSnntAAsfYC%2Fentra4.png?alt=media&#x26;token=168d4b7c-99e0-4d3b-820c-aedae8936bdd" alt="" width="563"><figcaption></figcaption></figure></div>

## Configure the SAML SSO application in the Azure portal <a href="#configure-saml-sso-app-on-azure-portal" id="configure-saml-sso-app-on-azure-portal"></a>

To enable SAML SSO for the application in the Azure portal:

1. On the application's integration page, find the **Manage** section and select **Single sign-on**.
2. On the **Select a single sign-on method** page, select **SAML**.

<div align="left"><figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2FySGwohxyRSvQc6Odt2tO%2Fentra5.png?alt=media&#x26;token=20550292-1b5a-44ca-abd2-f1792175781a" alt="" width="563"><figcaption></figcaption></figure></div>

3. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.

<div align="left"><figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2FZQ0ajSk6BcYDrglI0rkb%2Fentra6.png?alt=media&#x26;token=df74dac5-8e84-42ce-97b3-077c71b6a41f" alt="" width="563"><figcaption></figcaption></figure></div>

4. Use the following table to set the parameter values.\
   In the examples below, replace **`acme`** with your own tenant vanity name (the subdomain in your Webchat snippet URL). **`chatbot`** is not a placeholder: the word `chatbot` must appear in the URL literally, as shown.

| **Name**                                    | **Description**                                                                                                                                                                                                                                                                                              |
| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Identifier (Entity ID)                      | The cluster-specific vanity URL of the tenant. Example for Webchat: `https://acme.chatbot.aisera.cloud/`. The Webchat vanity URL is the origin of the snippet URL.                                                                                                                                            |
| Reply URL (Assertion Consumer Service URL)  | The tenant vanity URL followed by `/aisera/ssoLoginCallback`. Example for Webchat: `https://acme.chatbot.aisera.cloud/aisera/ssoLoginCallback`. Entra only posts assertions to a Reply URL listed here, so scheme, host and path must match the Webchat callback exactly.                                      |
| Default RelayState                          | Used when the user starts from the IdP portal (IdP-initiated SSO), so Entra knows where to send the user after login. For Webchat this is the snippet URL plus the `embed` parameter. Example: `https://acme.chatbot.aisera.cloud/awc/js?t=9bb08531-a212-0a94-5c19-4eab7c811fe7&embed`                            |
| Primary attribute                           | The user's email address must be returned as the primary attribute, i.e. as the **Unique User Identifier (Name ID)** claim under **Attributes & Claims** (for example `user.mail`).                                                                                                                          |
| Secondary attribute                         | The user's full name must be returned as the value of a claim named `name` (for example `user.displayname`).                                                                                                                                                                                                 |

The screenshot below is an example for Webchat SAML SSO.

<div align="left"><figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2F0z5INXmSFScDKa7ys6Gg%2Fentra7.png?alt=media&#x26;token=0411c8a8-a095-4de6-bd0b-ec70d604be5b" alt="" width="563"><figcaption></figcaption></figure></div>

## Copy or download values from Azure AD/Entra ID <a href="#copy-or-download-following-values-from-a-d" id="copy-or-download-following-values-from-a-d"></a>

On the **Set up single sign-on with SAML** page, collect the following values. They are needed in the next section.

* **Certificate (Base64)**: download it from the **SAML Certificates** card. This is the certificate Entra signs assertions with; note its expiry date, because Entra-issued signing certificates expire (by default after three years) and the Webchat configuration must be updated when the certificate is rotated.
* **Login URL**: copy it from the **Set up [app name]** card. It has the form `https://login.microsoftonline.com/<tenant-id>/saml2`.
* **Logout URL**: copy it from the same card.

<figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2F8YAfP2Z9OLRAg66CbQbC%2Fentra8.png?alt=media&#x26;token=c1653e32-6ba1-4a9a-a1a0-800ecddff74a" alt=""><figcaption></figcaption></figure>

## Configure SSO for your Aisera Webchat Bot <a href="#configure-sso-authentication-for-webchat" id="configure-sso-authentication-for-webchat"></a>

To configure SSO for your Webchat bot:

1. Navigate to **Settings > Channels** in the Aisera Admin UI.
2. Open the **Webchat** channel that your application/bot is using.
3. In the **Channel Details** window, open the **Authentication** tab and select **SAML SSO** in the **Authentication** field. Then fill in the fields below.

| **Field**                     | **Value**                                                                                                                                                                                                                                                                                                                      |
| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Login URL                     | The **Login URL** shown on the **Set up [app name]** card (labelled **Set up Azure AD SAML Toolkit** in the example screenshot above).                                                                                                                                                                                          |
| Logout URL                    | The **Logout URL** shown on the same card.                                                                                                                                                                                                                                                                                     |
| Issuer                        | The same value as the **Identifier (Entity ID)** in the **Basic SAML Configuration** window (see the example above). The Webchat sends this value in the `Issuer` element of its SAML requests, and Entra uses it to look up the application, so any mismatch with the registered identifier makes Entra reject the request.        |
| Skip Compression              | If checked, the SAML request sent by the service provider is not DEFLATE-compressed (the HTTP-Redirect binding normally compresses it; the HTTP-POST binding does not). Leave it unchecked unless needed: some versions of Microsoft AD SSO require it. If you use AD and get an invalid request error, check this box and try again. |
| x509 certificate              | Paste the contents of the **Certificate (Base64)** file downloaded from Entra. The Webchat uses this certificate to verify the signature on assertions, so whenever the certificate is rotated in Entra this field must be updated before the old certificate expires, or sign-in will start failing.                                |
| **Webchat only extra fields** |                                                                                                                                                                                                                                                                                                                                |
| IFrame Embedding              | false (unchecked). Azure AD/Entra does not allow its login form to be embedded in an iframe (the login pages are served with `X-Frame-Options: DENY`), so an embedded login would fail to render.                                                                                                                                |
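To make the fields above concrete, here is an added example (not Aisera's or Microsoft's code) that builds the SAML `AuthnRequest` a service provider such as the Webchat sends to Entra, encodes it both ways the **Skip Compression** field distinguishes (raw DEFLATE for the HTTP-Redirect binding, plain base64 otherwise), and decodes it again so you can inspect the `Issuer`, ACS URL and `Destination` that Entra validates against the values from the **Basic SAML Configuration** table. The SP-side URLs are the page's `acme`/`chatbot` placeholders, the tenant GUID in `LOGIN_URL` is made up, and the `NameIDPolicy` email format is this example's way of asking for the email address as the primary attribute, not a statement about what the Webchat itself sends.

```python
"""Build, encode and decode the SAML 2.0 AuthnRequest a service provider sends
to Microsoft Entra ID.

Added example, not Aisera's own code. The SP-side values are the placeholders
from the Basic SAML Configuration table (``acme`` is the tenant vanity name,
``chatbot`` is literal); the tenant GUID in LOGIN_URL is made up.
"""
import base64
import uuid
import xml.etree.ElementTree as ET
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

# Service-provider values from the Basic SAML Configuration table.
ENTITY_ID = "https://acme.chatbot.aisera.cloud/"            # Identifier (Entity ID) and Issuer
ACS_URL = ENTITY_ID + "aisera/ssoLoginCallback"             # Reply URL
RELAY_STATE = ENTITY_ID + "awc/js?t=9bb08531-a212-0a94-5c19-4eab7c811fe7&embed"
# Identity-provider value copied from the Entra "Set up" card; the GUID is a placeholder.
LOGIN_URL = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"

NS_SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def build_authn_request(request_id=None, issue_instant=None):
    """Minimal AuthnRequest carrying the three values Entra checks against the
    app registration: Destination, AssertionConsumerServiceURL and Issuer."""
    rid = request_id or "_" + uuid.uuid4().hex
    ts = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{NS_SAMLP}" xmlns:saml="{NS_SAML}" '
        f'ID="{rid}" Version="2.0" IssueInstant="{ts}" Destination="{LOGIN_URL}" '
        f'AssertionConsumerServiceURL="{ACS_URL}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f"<saml:Issuer>{ENTITY_ID}</saml:Issuer>"
        '<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" '
        'AllowCreate="true"/>'
        "</samlp:AuthnRequest>"
    )


def encode_request(xml, skip_compression):
    """Serialise the request the way the chosen binding expects.

    HTTP-Redirect binding: raw DEFLATE (no zlib header/trailer), then base64.
    HTTP-POST binding, or "Skip Compression" checked: base64 of the plain XML.
    """
    data = xml.encode()
    if not skip_compression:
        comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15 -> raw DEFLATE
        data = comp.compress(data) + comp.flush()
    return base64.b64encode(data).decode()


def decode_request(param):
    """Inverse of encode_request for either encoding; handy when Entra answers
    an "invalid request" error and you need to see what was actually sent."""
    data = base64.b64decode(param)
    if data.startswith(b"<"):               # plain XML: nothing to inflate
        return data.decode()
    return zlib.decompress(data, -15).decode()


def redirect_url(xml):
    """Build the HTTP-Redirect binding URL the browser is sent to."""
    query = {"SAMLRequest": encode_request(xml, skip_compression=False),
             "RelayState": RELAY_STATE}
    return LOGIN_URL + "?" + urlencode(query)


def relay_state_same_origin(relay_state, entity_id):
    """In IdP-initiated flows the SP receives RelayState unsigned and cannot
    tell who set it; honouring only values on the SP's own HTTPS origin keeps
    the callback from becoming an open redirect."""
    r, e = urlparse(relay_state), urlparse(entity_id)
    return r.scheme == "https" and (r.scheme, r.netloc) == (e.scheme, e.netloc)


def inspect_redirect(url):
    """Decode a redirect-binding URL and pull out the fields Entra validates."""
    q = parse_qs(urlparse(url).query)
    root = ET.fromstring(decode_request(q["SAMLRequest"][0]))
    return {
        "issuer": root.findtext(f"{{{NS_SAML}}}Issuer"),
        "acs": root.get("AssertionConsumerServiceURL"),
        "destination": root.get("Destination"),
        "relay_state": q.get("RelayState", [None])[0],
    }


if __name__ == "__main__":
    req = build_authn_request()
    print("Redirect binding URL:\n ", redirect_url(req))
    print("POST binding / Skip Compression value:\n ", encode_request(req, True))
    print("Decoded:", inspect_redirect(redirect_url(req)))
```

Running the script prints a redirect URL and the uncompressed form. To troubleshoot a real failure, paste the `SAMLRequest` parameter captured from the browser into `decode_request` and compare the `Issuer` and `AssertionConsumerServiceURL` it contains with the Identifier and Reply URL registered in Entra; a mismatch in either is the usual cause of Entra rejecting the request.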
