# Setting up SSO with Microsoft Entra

Sign in to freispace using Microsoft Entra.

### Create Application[​](#create-application "Direct link to Create Application")

1. Open the [Microsoft Entra admin center](https://entra.microsoft.com/) at [entra.microsoft.com](https://entra.microsoft.com/)

2. In the left menu, navigate to **Applications** > **Enterprise applications**. (You might need to click *Show more*)

   ![Microsoft Entra admin center screenshot](/assets/images/microsoft-entra-sso-01-dff740ae7a7f3bd474457091ffb685bf.png)

3. Click **New application**

4. Click **Create your own application**.

5. Enter the following data.

   | Field                                             | Content                                                                       |
   | ------------------------------------------------- | ----------------------------------------------------------------------------- |
   | What's the name of your app?                      | `freispace`                                                                   |
   | What are you looking to do with your application? | `Integrate any other application you don't find in the gallery (Non-gallery)` |

6. Click **Create**.

   A new application has now been created and its settings opened.

7. On the left sidebar, navigate to **Single sign-on**.

8. Select **SAML** as the single sign-on method.

   ![Microsoft Entra admin center screenshot](/assets/images/microsoft-entra-sso-02-a6d90911c44237cf2fae5c4785532873.png)

9. Head over to freispace, and start by clicking **Add tenant** and entering a name for this connection, i.e. *Microsoft*.

   freispace will generate and display an *Reply URL (ACS)* and *Identifier (Entity ID)* right away.

### Configuring Microsoft Entra[​](#configuring-microsoft-entra "Direct link to Configuring Microsoft Entra")

1. On Microsoft Entra, click the small **Edit** button on the top right.

   ![Microsoft Entra admin center screenshot](/assets/images/microsoft-entra-sso-03-a5e9f2e7e37caf756ae743488ea6f5fe.png)

2. Copy over the settings from freispace into Microsoft Entra.

   | freispace              | Microsoft Entra                            | Example data                                              |
   | ---------------------- | ------------------------------------------ | --------------------------------------------------------- |
   | Identifier (Entity ID) | Identifier (Entity ID)                     | `https://api.app.freispace.com/api/v1/saml2/xxx/metadata` |
   | Reply URL              | Reply URL (Assertion Consumer Service URL) | `https://api.app.freispace.com/api/v1/saml2/xxx/acs`      |
   | Team Login URL         | Sign on URL                                | `https://app.freispace.com/login/xxx`                     |

   ![Microsoft Entra admin center screenshot](/assets/images/microsoft-entra-sso-04-7b0d8a1c25d172e842af45d1842e3733.png)

3. Click the small **Save** button on the top left and the close the menu.

### Configuring freispace[​](#configuring-freispace "Direct link to Configuring freispace")

1. On Microsoft Entra, scroll down to *SAML Certificates* and click **Download** to get the *Certificate (Base64)*.

   ![Microsoft Entra admin center screenshot](/assets/images/microsoft-entra-sso-05-11f10548eb7c49387d324dd14fa94969.png)

2. Open the downloaded `freispace.cer` file in a text editor. (On windows, right-click the file, select *Open with...*, select *Notepad* and confirm with *Just once*.)

3. Select the file's entire content and copy it.

4. On freispace, paste the certificate's file content into the field **IdP X.509 Certificate**.

5. On Microsoft Entra, scroll down further and copy the settings from *Set up freispace* into freispace.

   | freispace                 | Microsoft Entra            | Example data                                  |
   | ------------------------- | -------------------------- | --------------------------------------------- |
   | IdP Issuer ID             | Microsoft Entra Identifier | `https://sts.windows.net/xxx/`                |
   | Login URL (SSO endpoint)  | Login URL                  | `https://login.microsoftonline.com/xxx/saml2` |
   | Logout URL (SLO endpoint) | Logout URL                 | `https://login.microsoftonline.com/xxx/saml2` |

   ![Microsoft Entra admin center screenshot](/assets/images/microsoft-entra-sso-06-fdf170a4c51adbf5fb1c153e8faf49f2.png)

6. Additionally, enter the following data.

   | freispace field name                 | Data                                                              |
   | ------------------------------------ | ----------------------------------------------------------------- |
   | Namespace definition for given names | `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname` |
   | Namespace definition for surnames    | `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`   |

7. On freispace, click **Save settings**.

8. Now, click **Activate**.

### Final steps[​](#final-steps "Direct link to Final steps")

1. On Microsoft Entra, navigate to **Properties**.

2. For the **Logo**, download and then upload this file: [freispace-icon.png](https://docs.freispace.com/assets/files/freispace-icon-114714e39b85f02a4fee28fb61c57be2.png)

   ![Microsoft Entra admin center screenshot](/assets/images/microsoft-entra-sso-07-040e9bb78cccaa72bee2cfb4733b2eb5.png)

3. Click the **Save** button up top.

4. Nearly there! Navigate to **Users and groups**.

5. Finally, add any users or user groups that should have access to freispace.

   ![Microsoft Entra admin center screenshot](/assets/images/microsoft-entra-sso-08-37a5f08ae49fd1953f6a9c8900035025.png)

### Done! 🎉[​](#done- "Direct link to Done! 🎉")

Users may now login to freispace via Microsoft Entra.