# SAML with Microsoft Entra ID

{% hint style="info" %}
This process can only be fully achieved in collaboration with our team.

Exact instructions are provided in the impacted sections below where this exchange of information is required.
{% endhint %}

## Create a new SAML App in Microsoft Entra ID

In order to connect your Microsoft Entra ID directory to Rely.io you need to create a dedicated App by following the steps below.

1. Log in to your [Microsoft Azure Portal](https://portal.azure.com/). Please ensure you have permissions to create Enterprise Applications and configure SSO. If you don't have the necessary permissions, please reach out to an Administrator.
2. In the search bar, type *Entra ID* and select ***Microsoft Entra ID*** to navigate to the correct management panel.

<figure><img src="https://1179008450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1eBCWu9rFSzq3ahnNrmL%2Fuploads%2FPANpQFu9SBpvJEV4aiSU%2Fimage.png?alt=media&#x26;token=b439b008-1368-451f-8efc-be0983902768" alt=""><figcaption><p>Navigate to Microsoft Entra ID</p></figcaption></figure>

3. In your directory page go to ***Enterprise Applications***.

<figure><img src="https://1179008450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1eBCWu9rFSzq3ahnNrmL%2Fuploads%2FpebltqHfG7mEfyQGEtXH%2Fimage.png?alt=media&#x26;token=6ca14568-bdb4-4fd6-a1b1-f8ee645eb8bb" alt="" width="334"><figcaption><p>Navigate to Enterprise Applications</p></figcaption></figure>

3. On the top menu bar select ***New Application*** and then ***Create your own application***.

<figure><img src="https://1179008450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1eBCWu9rFSzq3ahnNrmL%2Fuploads%2FwEReKORiIkCpFKgKdbNp%2Fimage.png?alt=media&#x26;token=5767fe50-eb7c-463c-bc73-e11dcb78e2aa" alt="" width="563"><figcaption><p>Create new application</p></figcaption></figure>

4. Now, specify the name that you would like to give to your application and select the **last option**, as we want to integrate with an application that you don't manage and that doesn't exist in the Entra Gallery.

<figure><img src="https://1179008450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1eBCWu9rFSzq3ahnNrmL%2Fuploads%2FFA1h7yJJddQBgcwz60LU%2Fimage.png?alt=media&#x26;token=0f248d02-87e1-46e8-80c7-f93b16e4943e" alt="" width="563"><figcaption><p>Finalize creation process</p></figcaption></figure>

4. Now that the Enterprise Application is created we can start the SSO configuration with SAML. Go to ***Single sign-on > SAML***.

<figure><img src="https://1179008450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1eBCWu9rFSzq3ahnNrmL%2Fuploads%2FMImjARSM6wntMTVF25RI%2Fimage.png?alt=media&#x26;token=e2d02b82-1cc0-48f9-a524-02542dd4ac81" alt=""><figcaption><p>Select SAML for SSO method</p></figcaption></figure>

5. To proceed with the SSO configuration, it is important that you specify the ***Identifier*** and the ***Reply URL*** in the Basic SAML Configuration section. Click the Edit button and provide the following values:
   1. **Identifier (Entity ID):** `urn:auth0:relyio:<connection-name>`
   2. **Reply URL (ACS URL):** [`https://auth.rely.io/login/callback`](https://auth.rely.io/login/callback)

<figure><img src="https://1179008450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1eBCWu9rFSzq3ahnNrmL%2Fuploads%2Fq2Qk89xWsQIkLuoqnmaZ%2Fimage.png?alt=media&#x26;token=be2ef8ac-93f9-470b-bd1d-d528c83043c4" alt=""><figcaption><p>Configure Basic SAML Configuration</p></figcaption></figure>

6. **(Optional)** On **step 2** - mapping - you can map additional properties such as ***groups***. By default the email, full name, first name and last name are already mapped.

<figure><img src="https://1179008450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1eBCWu9rFSzq3ahnNrmL%2Fuploads%2FDh59nuSHl0OnIOi7zzMt%2Fimage.png?alt=media&#x26;token=509fb528-97f7-4e0f-8a57-3a5603a9c546" alt=""><figcaption><p>Add group information to your SAML payload</p></figcaption></figure>

7. Now we need to gather some information to provide to Rely.io's team for configuration on their side. Start by downloading your certificate in `.pem` format. \
   \
   On step 3, click on **Edit**, then select the three dots next to the Active certificate and download the PEM certificate.

<figure><img src="https://1179008450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1eBCWu9rFSzq3ahnNrmL%2Fuploads%2FInhWp22CWA0lSXWyWpwa%2Fimage.png?alt=media&#x26;token=89bcf243-ed88-4b81-a4df-44e5cb8f779c" alt=""><figcaption><p>Download .pem certificate</p></figcaption></figure>

7. Then, copy the Login URL and store it somewhere safe.

<figure><img src="https://1179008450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1eBCWu9rFSzq3ahnNrmL%2Fuploads%2F4IwfWZG9J4TZrTreO0zR%2Fimage.png?alt=media&#x26;token=a2514584-a043-48d2-9684-5faf2a3914bf" alt=""><figcaption><p>Copy Login URL</p></figcaption></figure>

8. **Send the SSO URL and Certificate to Rely.io** via one of the following means:
   1. Direct outreach to your dedicated Customer Success Manager
   2. In Slack via your Dedicated Channel (for Enterprise customers)
   3. Via your in-product chat bot
   4. Via email to <support@rely.io>
9. You will receive in return a confirmation once all configurations are done on Rely.io's side.
10. Once you get the confirmation, move to the final step of the wizard to test that the configuration worked.

<figure><img src="https://1179008450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1eBCWu9rFSzq3ahnNrmL%2Fuploads%2FS53zBIQbt7toY2pn2aIS%2Fimage.png?alt=media&#x26;token=1b586853-45f3-45be-ae7f-fe24adfda1a2" alt=""><figcaption></figcaption></figure>

That's it! Your SAML connection to Rely.io from Microsoft Entra ID is now ready for your users to use.
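
When the test in the final step fails, it helps to compare the response Entra ID actually sent with the values entered in Basic SAML Configuration and with the certificate that was sent to Rely.io. The script below is an added example (not Rely.io or Microsoft code) that checks a captured `SAMLResponse` form value against the Identifier, the Reply URL and the downloaded PEM. The connection name `example-corp` and the sample response are constructed, and the script compares fields only: it does not verify the XML signature.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://auth.rely.io/login/callback"  # Reply URL from the page
ENTITY_ID = "urn:auth0:relyio:example-corp"      # constructed connection name

def der_sha256(b64_text: str) -> str:
    """SHA-256 of base64-encoded DER bytes; PEM armor lines are skipped."""
    body = "".join(l for l in b64_text.splitlines() if not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def check_response(saml_response_b64: str, pem: str) -> list:
    """Compare a captured SAMLResponse (HTTP-POST binding, base64) with the
    expected settings. Field comparison only, no signature verification."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination != Reply URL")
    recipients = [e.get("Recipient") for e in root.iterfind(".//a:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append("Recipient != Reply URL")
    audiences = [e.text for e in root.iterfind(".//a:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append("Audience != Identifier")
    signing = {der_sha256(e.text) for e in root.iterfind(".//ds:X509Certificate", NS) if e.text}
    if der_sha256(pem) not in signing:
        problems.append("signing certificate != downloaded PEM")
    return problems

# Constructed sample data: placeholder bytes stand in for a real DER certificate.
CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
PEM = f"-----BEGIN CERTIFICATE-----\n{CERT_B64}\n-----END CERTIFICATE-----\n"

def sample_response(audience: str, cert_b64: str = CERT_B64) -> str:
    xml = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS_URL}">
 <saml:Assertion><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:KeyInfo><ds:X509Data>
  <ds:X509Certificate>{cert_b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
 <saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_response(sample_response(ENTITY_ID), PEM))                      # settings match
    print(check_response(sample_response("urn:auth0:relyio:other-corp"), PEM))  # wrong Identifier
```

To use it on a real sign-in, set `ENTITY_ID` to the Identifier configured in step 5 and pass the `SAMLResponse` value captured from the browser's POST to the Reply URL together with the contents of the downloaded `.pem` file.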
