--- title: "Azure - SAML Integration Instructions(Single Sign On)" slug: "azure-saml-integration-instructionssingle-sign-on" updated: 2023-05-22T16:39:50Z published: 2023-05-22T16:39:50Z --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.catchpoint.com/llms.txt > Use this file to discover all available pages before exploring further. # Azure - SAML Integration Instructions(Single Sign On) Follow the below steps to integrate Azure Active directory(*identity provider*) with Catchpoint (*service provider*) 1. Login to Azure and navigate to **Azure Active Directory > Enterprise applications** 2. Click on **New application** and select **non-gallery application** 1. New Application ![mceclip0.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360049794391-mceclip0.png) 2. Non-gallery application ![mceclip1.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360049669352-mceclip1.png) 3. Configure **Azure AD SSO (SAML)** 1. Navigate to **Single sign-on** in the left panel after creating the application.  ![mceclip0.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360049670592-mceclip0.png) 2. Select **SAML** from the single sign-on methods to navigate to SAML-based Sign-on Page. 3. In the **Identifier (Entity ID)** field, input: `https://portal.catchpoint.com/SAML2` 4. In the **Reply URL (Assertion Consumer Service URL):** field, input: `https://portal.catchpoint.com/ui/Entry/SingleSignOn.aspx` ![mceclip1.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360049795871-mceclip1.png) 4. Catchpoint requires the following two attributes/claims **namespace** attribute is mandatory for Identity Provider (IdP) initiated login. - **Namespace**: Identifies your SSO provider and the value can be of your choice. - ![image.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/image%2830%29.png) ***Note:*** **Namespace** is not a default attribute/claims in Azure AD, and is mandatory for Identity Provider (IdP) initiated login. - **DirectAssertion Mapping:** This setting allows the IdP to create and set user permissions based on key/value pairs. Follow these steps to create a new claim and the value. 1. Click on **Edit User Attributes and Claims** ![4.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360073552211-4.png) 2. Add new claim ![5.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360073293492-5.png) 3. Provide the name which is the **key** used in the assertion in Catchpoint ![7_-_Name.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360073552931-7_-_Name.png) 4. Select **attribute** ![7-Attribute.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360073295872-7_-_Attribute.png) 5. Select **AD group name** ![7-Group.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360073295972-7_-_Group.png) 6. Specify the value to be sent to Catchpoint – this will be the **value** we match in the assertion. ![7-Value.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360073293712-7_-_Value.png) The above azure AD setup shows the claim name as "departm"(key) and the value as "CP_ALL_RO" (value) for the Azure AD group. 1. Complete Catchpoint single sign-on setup for [Autoprovisioning](https://docs.catchpoint.com/docs/legacy-single-sign-on?highlight=single%20sign%20on). A user login into Catchpoint has the claim name as "departm" and the value "CP_ALL_RO" then the user assigns with "**Client analyst**" System access/user role as per below settings. ![image.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/image%2831%29.png) **Note:** If a user is not assigned the **Client analyst** user role, this means the key=value (claim name or/and value) pair is not getting passed correctly from IDP( Azure AD). However, we can verify by capturing SAML. Use [SAML-tracer](https://chrome.google.com/webstore/detail/saml-tracer/mpdajninpobndbfcldcmbpnnbhibjmch) Chrome extension ([Mozilla extension](https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/)) to capture the SAML while login to Catchpoint to verify if the claim name and value are getting passed from Azure AD. Please feel free to reach out at [support@catchpoint.com](mailto:support@catchpointc.om) for any assistance.