> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mileapp.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# SSO with Azure AD (Entra)

This documentation outlines the steps to integrate Single Sign-On (SSO) using Microsoft Azure Active Directory (AD) with MileApp. This integration allows users to authenticate using their Azure AD credentials.

<Note>
  Required permission:

  * View integration
  * Create integration
</Note>

Before you begin, ensure you have the following:

1. **Azure AD Subscription**: A valid Azure AD account with administrator privileges.
2. **MileApp Access**: Access to the MileApp administration settings.
3. **Application Registration**: An application registered in Azure AD for MileApp.

## Step 1: Register MileApp in Azure AD

1. **Log into the Azure Portal**: Navigate to [Azure Portal](https://portal.azure.com/).

<div align="center">
  <img src="https://mintcdn.com/mileapp-c1584fbc/LRuOy7ZrKCurMDXt/images/integration/sso-azure-portal.png?fit=max&auto=format&n=LRuOy7ZrKCurMDXt&q=85&s=baf37c6f7c156314ab134133a3a50482" alt="Azure Portal homepage" width="600" data-path="images/integration/sso-azure-portal.png" />
</div>

2. **Create a New Application**:
   * Go to **Azure Active Directory ➝ All aplication ➝ New application**.

<div align="center">
  <img src="https://mintcdn.com/mileapp-c1584fbc/LRuOy7ZrKCurMDXt/images/integration/sso-new-application.png?fit=max&auto=format&n=LRuOy7ZrKCurMDXt&q=85&s=822be18d6308fba0cbbfd8fa8c2707ce" alt="New application menu" width="600" data-path="images/integration/sso-new-application.png" />
</div>

* Enter the following details:
  * **Name**: MileApp
  * Select the (**Non-gallery) option from the radio box** and click **Create**.

<div align="center">
  <img src="https://mintcdn.com/mileapp-c1584fbc/LRuOy7ZrKCurMDXt/images/integration/sso-non-gallery.png?fit=max&auto=format&n=LRuOy7ZrKCurMDXt&q=85&s=5254a5418ae8824a001070dc15fb5bf7" alt="Create non-gallery application" width="600" data-path="images/integration/sso-non-gallery.png" />
</div>

3. **Register**: Click on **Create** to create the application.

## Step 2: Configure SSO in Azure AD

1. **Navigate to the Registered Application**:
   * Find and select the MileApp application from the **App registrations** list.

2. **Set Up SSO**:
   * In the left menu, click on **Single sign-on**.
   * Select **SAML** as the SSO method.

<div align="center">
  <img src="https://mintcdn.com/mileapp-c1584fbc/LRuOy7ZrKCurMDXt/images/integration/sso-saml-selection.png?fit=max&auto=format&n=LRuOy7ZrKCurMDXt&q=85&s=b782fe3dc0681285980cd664f48179a2" alt="SAML SSO selection" width="600" data-path="images/integration/sso-saml-selection.png" />
</div>

3. **Basic SAML Configuration**:
   * In the **Basic SAML Configuration** section, click on **Edit** and provide the following information:

<div align="center">
  <img src="https://mintcdn.com/mileapp-c1584fbc/LRuOy7ZrKCurMDXt/images/integration/sso-saml-config.png?fit=max&auto=format&n=LRuOy7ZrKCurMDXt&q=85&s=8d3297ef23b02863879cd6e57326679b" alt="Basic SAML Configuration" width="600" data-path="images/integration/sso-saml-config.png" />
</div>

4. Enter a unique ID. Note: This ID will be used in the saml.config file for the service provider name. Therefore, note the ID. For e.g: you can enter the ID as `https://your-mileapp-url.com`

5. Next, click **Add reply URL**.

6. Enter the application **callback URL** where the response will be posted. For now, you can enter a dummy URL e.g. `https://your-mileapp-url.com/auth/sso`

7. Select **Save**. Close the Basic SAML Configuration page.

8. Now scroll down to Set up MileApp app. Copy the Login URL. You will need this URL on MileApp.

9. **SAML Signing Certificate**:
   * Download the **Certificate (Base64)** by clicking on the **Download** button. This certificate will be used in MileApp for SSO configuration.

## Step 3: Configure MileApp for SSO

1. **Log into MileApp**: Access the settings menu of MileApp.

2. **Navigate to SSO Settings**:
   * Go to **Setting ➝ Integration ➝ Azure SSO Configuration**.

3. **Enter SSO Details:**
   1. Paste the **Login URL** that you copied from Azure.
   2. Upload the .cer file that you downloaded from Azure

<div align="center">
  <img src="https://mintcdn.com/mileapp-c1584fbc/LRuOy7ZrKCurMDXt/images/integration/sso-mileapp-config.png?fit=max&auto=format&n=LRuOy7ZrKCurMDXt&q=85&s=4636701ebccaf4d97c9510e8e6afc326" alt="MileApp SSO configuration" width="600" data-path="images/integration/sso-mileapp-config.png" />
</div>

4. After entering the required details, click on **Save** to apply the settings.

## Step 4: Registering Users from Azure

<div align="center">
  <img src="https://mintcdn.com/mileapp-c1584fbc/LRuOy7ZrKCurMDXt/images/integration/sso-users-groups.png?fit=max&auto=format&n=LRuOy7ZrKCurMDXt&q=85&s=f73f6eca09bc7272504334795dc244dd" alt="Users and Groups menu" width="600" data-path="images/integration/sso-users-groups.png" />
</div>

### Steps:

1. Open the **Users and Groups** menu.
2. Click **Add User/Group** to register users who can access MileApp.
3. Only registered users in Azure can log in to MileApp using their Azure accounts.

## Login to MileApp via Microsoft Account with Azure SSO

### 1. Complete the Setup Process

After successfully completing the setup steps for Azure SSO, you can proceed to log in to MileApp using your Microsoft account.

### 2. Access the Office Portal

<div align="center">
  <img src="https://mintcdn.com/mileapp-c1584fbc/LRuOy7ZrKCurMDXt/images/integration/sso-office-login.png?fit=max&auto=format&n=LRuOy7ZrKCurMDXt&q=85&s=8e175d3c1ab31ffa32fb9bc8b7981d4a" alt="Office portal login" width="600" data-path="images/integration/sso-office-login.png" />
</div>

<div align="center">
  <img src="https://mintcdn.com/mileapp-c1584fbc/LRuOy7ZrKCurMDXt/images/integration/sso-office-dashboard.png?fit=max&auto=format&n=LRuOy7ZrKCurMDXt&q=85&s=0949926866a3daad9df16b7bc1a846eb" alt="Office portal dashboard" width="600" data-path="images/integration/sso-office-dashboard.png" />
</div>

1. Open the Microsoft Office web portal at [https://www.office.com/](https://www.office.com/).
2. Log in with your Microsoft account credentials.

### 3. Navigate to MileApp

<div align="center">
  <img src="https://mintcdn.com/mileapp-c1584fbc/LRuOy7ZrKCurMDXt/images/integration/sso-app-launcher.png?fit=max&auto=format&n=LRuOy7ZrKCurMDXt&q=85&s=220fbd1c8c3448014feaedf67517f515" alt="App launcher with MileApp" width="600" data-path="images/integration/sso-app-launcher.png" />
</div>

1. Once logged in, click on the **App Launcher** (the grid icon) on the left-hand side of the screen.
2. Select **MileApp** from the list of available applications to access the MileApp web platform.

By following these steps, you will be successfully logged into MileApp through your Microsoft account integrated with Azure SSO.

## Notes

1. If you already have a MileApp account and want to integrate it with Azure SSO, ensure that the email registered in Azure AD matches the email used in your MileApp account.
2. If the email registered in Azure AD differs from the email registered in MileApp, it will be considered a separate account.
3. If a user has been invited through MileApp but has not completed the verification process via email and is then registered in Azure using the same email, they cannot log in to MileApp until the verification is complete. You can complete the verification process via email or delete the unverified user in the **User Settings** menu to allow access.

## Tips

1. Ensure you have **View** and **Create Integration** permissions to configure the integration.
2. You can still set a password in MileApp even after your account is registered in Azure. The password can be used for logging in through the MileApp login page.