> For the complete documentation index, see [llms.txt](https://prohelp.assetpanda.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://prohelp.assetpanda.com/integrations-store/single-sign-on-sso-integrations/microsoft-entra-id-sso.md).

# Microsoft Entra ID SSO

You can configure Single Sign-On (SSO) with Microsoft Entra ID to secure access to Asset Panda Pro. This setup allows you to sign in with Microsoft Entra ID credentials, enhancing security and simplifying user access management.

{% hint style="warning" %}
The Microsoft Entra IDs interface and options may evolve. Refer to the Microsoft Entra ID documentation for additional context and reference.
{% endhint %}

## Prerequisites

* Entity ID and Reply URL provided by Asset Panda
* Administrative access to Microsoft Entra ID
* Access to the **Enterprise Applications** section in Microsoft Entra ID

{% hint style="info" %}
If the **Entity ID** and **ACS URL** are unavailable, contact Asset Panda support to obtain the required details.
{% endhint %}

***

## Search for or create an enterprise application <a href="#enterprise-app" id="enterprise-app"></a>

1. Sign into the [Microsoft Entra ID portal](https://portal.azure.com/).
2. Search for and open **Microsoft Entra ID**.
3. Go to **Microsoft Entra ID > Enterprise Applications**.
4. Search for and open the application.&#x20;

{% hint style="info" %}
If there is no application, create a new one:

1. Click **New application**.
2. Choose **Create your own application**.
3. Enter a name and select **Integrate any other application you don’t find in the gallery (Non-gallery)**.
4. Click **Create**.
   {% endhint %}

***

## Configure SAML-based Single Sign-On <a href="#configure" id="configure"></a>

To configure the SSO settings between Asset Panda and Microsoft Entra ID:

1. In **Enterprise Applications**, select **Single Sign-On** and choose **SAML**.
2. Edit the **Basic SAML Configuration**:
   1. Enter the **Identifier (Entity ID)** as *urn:amazon:cognito:sp:us-east-1\_4jHsDgxlC*
   2. Enter the **Reply URL (Assertion Consumer Service URL)** as *<https://ap-pioneer-951730251621.auth.us-east-1.amazoncognito.com/saml2/idpresponse>*
   3. Click **Save.**
3. Edit **User Attributes & Claims**:
   1. Ensure a claim for the user's email is present.
   2. Add a new claim, if necessary:
      1. Set the **Name** to the `emailaddress`.
      2. Set the **Source Attribute** to `user.mail`.
      3. Save the claim.
4. Download the SAML Metadata File:
   1. Go to the **SAML Signing Certificate** section.
   2. Select **Download** next to **Federation Metadata XML**.
   3. Use this file to complete the Microsoft Entra ID Integration setup with Asset Panda.

***

## Assign users and groups <a href="#users-and-groups" id="users-and-groups"></a>

1. In the **Enterprise Applications**, go to **Users and Groups**.
2. Click **Add user/group**.
3. Choose the users or groups to enable SSO.
4. Click **Assign**. Assigned users can access Asset Panda through SSO.

***

## Complete the Microsoft Entra ID integration setup with Asset Panda <a href="#complete" id="complete"></a>

1. Return to **Enterprise Applications** and verify that the correct tenant is selected.
2. Ensure that all necessary users are assigned to **Users and Groups**.
3. [Upload the downloaded **SAML Metadata File** to Asset Panda](#uploading-saml-metadata) to complete the integration.
4. Test the setup to confirm users can sign in using their Microsoft Entra ID credentials. If any issues arise, verify the setup, permissions, and assigned users.&#x20;

***

## Upload the SAML Metadata File to Asset Panda <a href="#uploading-saml-metadata" id="uploading-saml-metadata"></a>

1. Log into Asset Panda Pro with an administrator account
2. Navigate to <img src="/files/dLHka5YWbUR3zisHLua6" alt="Settings icon" data-size="line"> **Settings** > **Preferences** > **Single sign-on (SSO)**.
3. Click **Add new SSO**.
4. Select the **Enable Type** to determine who can access Asset Panda through SSO:
   * **Enable for all users**: Enable SSO for all users in your organization, allowing them to authenticate using their Microsoft Entra ID or other identity provider credentials.
   * **Enable for selected domains**: Restrict SSO to users with email addresses from specific domains.
   * **Disable for all users**: Disable SSO for all users, preventing authentication via Microsoft Entra ID or other identity provider credentials.
5. Enter a **Connection Name** that will be displayed during the login process.
6. Upload the downloaded Metadata XML file. This file contains the necessary configuration to establish a secure connection between Asset Panda and your identity provider for SSO.
7. Click **Save**.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://prohelp.assetpanda.com/integrations-store/single-sign-on-sso-integrations/microsoft-entra-id-sso.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.