# Azure Setup

{% hint style="warning" %}
Before continuing: the user performing this setup should be an Azure AD admin for the organization, and a SAML Config must already be created in the Integration Gateway Environment.
{% endhint %}

### Create the Integration Gateway Enterprise Application <a href="#azuresso-basicsetuphowto-createtheglyueenterpriseapplication" id="azuresso-basicsetuphowto-createtheglyueenterpriseapplication"></a>

From the Azure Active Directory overview page, select **Enterprise applications** from the left-hand panel.

<figure><img src="/files/d4hMpYUlumKSxLtU14ul" alt=""><figcaption></figcaption></figure>

Click **New Application** at the top.

<figure><img src="/files/Z4r7oU5AtQ6Q4zfmKLCL" alt=""><figcaption></figcaption></figure>

Click **Create your own application** at the top.

<figure><img src="/files/HagZba3vce6C3bmfvTfF" alt=""><figcaption></figcaption></figure>

Provide a name and select **Integrate any other application you don’t find in the gallery (Non-gallery)**. Click **Create** at the bottom of the page.

<figure><img src="/files/XJ8MRvMPwwCqgq8qsBso" alt=""><figcaption></figcaption></figure>

Click **2. Set up single sign on** under **Getting Started**, or select **Single sign-on** from the left-hand panel.

<figure><img src="/files/CzRYBdNQHtYKb6zJJvYf" alt=""><figcaption></figcaption></figure>

Select **SAML**.

<figure><img src="/files/xLMJFkilZLIeLmlmeWBf" alt=""><figcaption></figcaption></figure>

### Provide Integration Gateway's metadata to Azure <a href="#azuresso-basicsetuphowto-provideglyuesmetadatatoazure" id="azuresso-basicsetuphowto-provideglyuesmetadatatoazure"></a>

{% hint style="info" %}
The Integration Gateway environment SAML metadata will be required for the next step.

Integration Gateway always serves its metadata at `https://` (custom domain) `/sso/saml2/metadata/`. If this user is also an Integration Gateway administrator, the metadata URL will be displayed on the **Admin** site under **SAML Configs**.
{% endhint %}

At the top, select **Upload metadata file**. Select the appropriate file and upload it.

<figure><img src="/files/r6stz3JbdpAfOhR30lkm" alt=""><figcaption></figcaption></figure>

Click **Save** at the top.

<figure><img src="/files/o8BxIK8iKo4IOz7be2i8" alt=""><figcaption></figcaption></figure>

### Add an email claim <a href="#azuresso-basicsetuphowto-addanemailclaim" id="azuresso-basicsetuphowto-addanemailclaim"></a>

We need to add a claim to the SAML configuration in Azure, so that the user’s email address comes over to Integration Gateway in a field titled “email” instead of something else.

On the application **SAML-based Sign-on** page, in section **2 Attributes & Claims** click **Edit**.

<figure><img src="/files/NUKsbcltAMcZd8wxroGj" alt=""><figcaption></figcaption></figure>

Click **Add new claim** at the top.

<figure><img src="/files/mmXPwsIQVVNwtzZp1z0q" alt=""><figcaption></figcaption></figure>

Enter `email` in the **Name** field. For **Source Attribute** select `user.mail`. Click **Save** in the top-left.

<figure><img src="/files/13xvmq8caMcR6okHqeIV" alt=""><figcaption></figcaption></figure>

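Depending on the organization’s Azure configuration, the name of the field that holds the user’s email address may differ, in which case select that field as the **Source Attribute** instead.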
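
To confirm the claim mapping after a test sign-in, the check below (an added example, not part of the original guide or Integration Gateway's own code) decodes a base64 `SAMLResponse` and reports whether an attribute named `email` is present, or only Azure's default `.../claims/emailaddress` name. The function names are hypothetical and the sample responses are constructed and unsigned; the check reads attributes only and does not validate signatures.

```python
import base64
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
PROTOCOL_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"saml": ASSERTION_NS}
# Name Azure gives the email claim by default, when no custom "email" claim exists.
AZURE_DEFAULT_EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"


def check_email_claim(saml_response_b64):
    """Report on the email claim in a base64 SAMLResponse (debug aid only:
    it reads attributes and does NOT verify the signature or conditions)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    email = [v for v in attrs.get("email", []) if v]
    if email:
        status = "ok"
    elif "email" in attrs:
        status = "empty"              # claim is mapped but carries no value
    elif AZURE_DEFAULT_EMAIL in attrs:
        status = "default-name-only"  # custom "email" claim was not added
    else:
        status = "missing"            # no email attribute under either name
    return {"status": status, "email": email, "attribute_names": sorted(attrs)}


def build_sample_response(attributes):
    """Build a constructed, unsigned SAMLResponse holding only the given attributes."""
    response = ET.Element(f"{{{PROTOCOL_NS}}}Response")
    assertion = ET.SubElement(response, f"{{{ASSERTION_NS}}}Assertion")
    statement = ET.SubElement(assertion, f"{{{ASSERTION_NS}}}AttributeStatement")
    for name, value in attributes.items():
        attr = ET.SubElement(statement, f"{{{ASSERTION_NS}}}Attribute", Name=name)
        ET.SubElement(attr, f"{{{ASSERTION_NS}}}AttributeValue").text = value
    return base64.b64encode(ET.tostring(response)).decode("ascii")


if __name__ == "__main__":
    samples = {  # constructed sample data
        "custom claim added": {"email": "jane.doe@example.com"},
        "default claims only": {AZURE_DEFAULT_EMAIL: "jane.doe@example.com"},
        "claim with no value": {"email": ""},
    }
    for label, attributes in samples.items():
        print(label, "->", check_email_claim(build_sample_response(attributes)))
```

A result of `default-name-only` means the **Add new claim** step above was skipped or not saved.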

### Get Azure SAML metadata for Integration Gateway <a href="#azuresso-basicsetuphowto-getazuresamlmetadataforglyue" id="azuresso-basicsetuphowto-getazuresamlmetadataforglyue"></a>

On the application **SAML-based Sign-on** page, in section **3** under **SAML Certificates** download the **Federation Metadata XML**.

<figure><img src="/files/NIaGuyWjBOWDMVDJS1cj" alt=""><figcaption></figcaption></figure>

Alternatively, grab the **App Federation Metadata Url** instead of downloading the file.

This will be needed on the Integration Gateway side to add Azure as an IdP. If this user is not an Integration Gateway admin, please provide the file/URL to a Sandbox Banking employee.

{% hint style="warning" %}

#### Lastly… <a href="#azuresso-basicsetuphowto-lastly" id="azuresso-basicsetuphowto-lastly"></a>

Don’t forget to assign users or groups to the new application; otherwise they won’t be able to authenticate with Integration Gateway via SSO.
{% endhint %}

