# Setup Microsoft Entra ID Integration

### Step 1: Configure Enterprise Applications in Microsoft Azure

1. Access Enterprise Applications: Log in to the Microsoft Azure portal and navigate to the ***Enterprise Applications*** section.
2. Create a New Application
   1. Click on the ***+ New Application*** button.
   2. Select ***+ Create your own application***.
3. Application Setup
   1. Enter a name for your application.
   2. Choose **Integrate any other application you don't find in the gallery (Non-gallery).**
   3. Finally, click on ***Create*** to complete the process.

<figure><img src="https://4173380749-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzKzxNnOaGxZvAEzvYa7y%2Fuploads%2F5KcqaP3YOZUcsvWeUA3n%2FScreenshot%202567-11-07%20at%2011.00.05.png?alt=media&#x26;token=f2ede5af-6c68-4bd8-a36f-5bc78fc46e51" alt=""><figcaption></figcaption></figure>

### Step 2: Set Up Single Sign-On (SSO)

1. Initiate Single Sign-On Configuration: In the application settings, click on ***Set up single sign-on***.
2. Basic SAML Configuration
   1. Add Identifier (Entity ID): Enter the Entity ID provided by the ASOL team (format: `urn:amazon:cognito:sp:{cognito pool}`).
   2. Add Reply URL: Enter the URL sent by the ASOL team (format: `{cognito domain}/saml2/idpresponse`).

<figure><img src="https://4173380749-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzKzxNnOaGxZvAEzvYa7y%2Fuploads%2FOr9uBd8zBAVCCYhM2vAJ%2FScreenshot%202567-11-07%20at%2011.05.51.png?alt=media&#x26;token=3879b37b-d90d-4c51-9cc3-86702845dbe7" alt=""><figcaption></figcaption></figure>

### Step 3: Set up Attributes & Claims

1. \[Required] emailaddress = user.userprincipalname
2. \[Required] roles = user.assignedroles

<figure><img src="https://4173380749-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzKzxNnOaGxZvAEzvYa7y%2Fuploads%2Fq4TOfYYQxfnQFgsfBJsK%2FScreenshot%202567-11-07%20at%2011.15.28.png?alt=media&#x26;token=f1bc80fd-7496-4f70-8a30-3be17f929e84" alt=""><figcaption></figcaption></figure>
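
To confirm the values from Steps 2 and 3 before handing over to the ASOL team, the following added example (not part of the original guide or ASOL's tooling) checks a decoded SAML response from a test sign-in. The sample XML, pool ID, domain, user and role value are constructed, and matching claims on the last path segment of the attribute `Name` is an assumption about how the claims are named.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_PREFIX = "urn:amazon:cognito:sp:"         # Entity ID format from Step 2
REPLY_SUFFIX = "/saml2/idpresponse"          # Reply URL format from Step 2
REQUIRED_CLAIMS = ("emailaddress", "roles")  # required claims from Step 3

# Constructed sample response; pool ID, domain, user and role are placeholders.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Assertion>
  <Subject><SubjectConfirmation><SubjectConfirmationData
    Recipient="https://auth.example.com/saml2/idpresponse"/></SubjectConfirmation></Subject>
  <Conditions><AudienceRestriction>
    <Audience>urn:amazon:cognito:sp:EXAMPLE_POOL_ID</Audience>
  </AudienceRestriction></Conditions>
  <AttributeStatement>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <AttributeValue>alice@example.com</AttributeValue></Attribute>
    <Attribute Name="roles"><AttributeValue>example-role</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion></samlp:Response>"""

def check_response(xml_text):
    """Return a list of configuration problems; an empty list means all checks passed.
    Checks format only; it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if not any(a.startswith(SP_PREFIX) and len(a) > len(SP_PREFIX) for a in audiences):
        problems.append("Audience does not match " + SP_PREFIX + "{cognito pool}")
    recipients = [e.get("Recipient", "")
                  for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if not any(r.endswith(REPLY_SUFFIX) for r in recipients):
        problems.append("Recipient does not end with " + REPLY_SUFFIX)
    # Assumption: match claims on the last path segment of the attribute Name.
    claims = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        short = attr.get("Name", "").rsplit("/", 1)[-1]
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        claims.setdefault(short, []).extend(values)
    for name in REQUIRED_CLAIMS:
        if not claims.get(name):
            problems.append("missing or empty claim: " + name)
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE) or "all checks passed")
```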

### Step 4: Role Mapping

Set up the app role values and provide the expected [user roles in Amity Bots Plus](https://docs.amitysolutions.com/amity-solutions/amity-bots-platform/users#user-roles-and-permissions) to the ASOL team.

<figure><img src="https://4173380749-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzKzxNnOaGxZvAEzvYa7y%2Fuploads%2Fzkr9W55njlDLTg6Z0cvl%2FScreenshot%202567-11-22%20at%2017.13.23.png?alt=media&#x26;token=10c3d7ac-1c40-483a-af88-6b305ffd8e24" alt=""><figcaption></figcaption></figure>

### Step 5: Provide Metadata to ASOL Team via Support Team

Once the above steps are completed, send the App Federation Metadata URL to the [ASOL support team](https://ekoapp.atlassian.net/servicedesk/customer/portal/5/group/11) for further integration and testing.

<figure><img src="https://4173380749-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzKzxNnOaGxZvAEzvYa7y%2Fuploads%2FxOriKk1PA4VZx9agsN4u%2FScreenshot%202567-11-07%20at%2011.24.49.png?alt=media&#x26;token=b733673b-b21a-4ddd-a84c-99585d728edc" alt=""><figcaption></figcaption></figure>

1. Open a service request with the ASOL support team: [LINK](https://ekoapp.atlassian.net/servicedesk/customer/portal/5/group/11)
2. Select Service Request
3. Provide the required information to the ASOL team
   1. App Federation Metadata URL
   2. Organization name (used to create the organization ID in Amity Bot+)
   3. Attach the role mapping file (download the template [here](https://docs.google.com/spreadsheets/d/1f3wdY_EVdq4fgYvLlxjVlYLfpgNa8pp3Sj-oAKELvmw/edit?gid=0#gid=0))

{% hint style="info" %}
For any assistance during this process, feel free to reach out to our support team. We are here to help ensure a smooth integration experience!
{% endhint %}
