# Enable SSO with Azure AD as the Identity Provider

Enabling single sign-on (SSO) for your domain within FeedOtter allows your Users to easily and securely log in to their accounts. This article will help you get set up if your IdP is Azure AD. For more general information on adding and using SSO with FeedOtter, check out [Enable SSO in Your Account](https://docs.feedotter.com/account-management/security/enable-sso-in-your-account).

{% hint style="info" %}
Single Sign-On requires an Enterprise license.
{% endhint %}

### What is SSO?

Single sign-on (or SSO) is a way to manage your organization's users, allowing them to authenticate and log in to many different applications with just one set of credentials, rather than having to set up multiple usernames and passwords across different platforms. It allows you to manage your users in a single location at your identity provider and prevents potentially losing or forgetting FeedOtter login credentials, as those are stored through another service.

### Setting up SSO with a Generic Identity Provider <a href="#steps" id="steps"></a>

This section explains step by step how to configure SAML Single Sign-On between Help Scout and a generic Identity Provider. Please see the separate articles listed below for setup instructions if your Identity Provider is Okta, OneLogin, or Azure AD:

* [Enabling SSO with OneLogin as the Identity Provider](https://docs.feedotter.com/account-management/security/enable-sso-in-your-account/enable-sso-with-onelogin-as-the-identity-provider)
* [Enabling SSO with Okta as the Identity Provider](https://docs.feedotter.com/account-management/security/enable-sso-in-your-account/enable-sso-with-okta-as-the-identity-provider)
* [Enabling SSO with Azure AD as the Identity Provider](https://docs.feedotter.com/account-management/security/enable-sso-in-your-account/enable-sso-with-azure-ad-as-the-identity-provider)

**Note:** Service Provider (FeedOtter) provisioning is not supported. Accounts should be created first in the IdP or FeedOtter, and then authenticated via the IdP prior to logging in to FeedOtter.

You'll need to be the FeedOtter Account Owner to set this up for your account.

1. Log in to FeedOtter, then navigate to Settings > Company Settings > Security.
2. Enable Single Sign-On via the switch.

<div align="left"><figure><img src="https://2086102864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIdHBGk8cqznUpEqm5g1U%2Fuploads%2FHaWB6ULRmzi7NS39az57%2F%7B879E40BC-C501-4951-A908-9922A94B7099%7D.png?alt=media&#x26;token=9530adde-7ec7-47dd-be38-a3d97904742e" alt=""><figcaption></figcaption></figure></div>

### Set up a FeedOtter application in Microsoft Entra <a href="#configure-microsoft-entra-id-with-atlassian-cloud-sso" id="configure-microsoft-entra-id-with-atlassian-cloud-sso"></a>

1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/) as at least a [Cloud Application Administrator](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#cloud-application-administrator).
2. Browse to **Applications > Enterprise applications** and create a new **Single Sign-On** application.
3. On the **Select a Single sign-on method** page, select **SAML**.
4. Edit the **Basic SAML Configuration** by clicking on the three dots.
   1. Copy the **Post-back URL** value from FeedOtter and paste it in the **Reply URL** input in Azure.
   2. Copy the **Audience URI** value from FeedOtter and paste it in the **Identifier (Entity ID)** input in Azure.
   3. If you wish to have IdP-initiated sign-on, leave the Azure **Sign on URL** empty. If you wish to have SP-initiated sign-on, enter *<https://app.feedotter.com/sso-login>* in this box.
5. Save your changes and return to the FeedOtter IdP application settings main screen.

### Configure Microsoft Entra ID with FeedOtter SSO <a href="#configure-microsoft-entra-id-with-atlassian-cloud-sso" id="configure-microsoft-entra-id-with-atlassian-cloud-sso"></a>

1. In Azure, scroll down to section 4 - **Set up FeedOtter to Entra SAML**.
   1. Copy the **Login URL** value from the Azure portal and paste it in the **Single Sign-On** textbox in FeedOtter.
   2. Copy the **Microsoft Entra Identifier** value from the Azure portal and paste it in the **Identity Provider Issuer / Entity ID** textbox in FeedOtter.

<figure><img src="https://2086102864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIdHBGk8cqznUpEqm5g1U%2Fuploads%2FDdPVnUI2zuehLQ9HXl0j%2F%7B1DACC658-07E9-48FC-B4C7-A1B68BB57F44%7D.png?alt=media&#x26;token=d34cab7e-3eab-4e01-8c32-272afba84495" alt=""><figcaption></figcaption></figure>

<div align="left"><figure><img src="https://2086102864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIdHBGk8cqznUpEqm5g1U%2Fuploads%2FKB57H9ZIJHmMos4tiN3X%2F%7B18706B37-A5C1-4160-98E5-3FDA9129F3AA%7D.png?alt=media&#x26;token=be9291fe-42c4-4ee0-81ba-219497bc6d78" alt=""><figcaption></figcaption></figure></div>

2. In the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.

<div align="left"><figure><img src="https://2086102864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIdHBGk8cqznUpEqm5g1U%2Fuploads%2F7nzFH8PfH7ajgB6HUQsQ%2Fimage.png?alt=media&#x26;token=93e9ef6e-ad80-4967-8b64-b0ba0664100e" alt=""><figcaption></figcaption></figure></div>

Open the downloaded file and paste the contents into the Certificate / X.509 textarea in FeedOtter.

Click the **Save button** in FeedOtter to save your settings.

Single Sign-On will now be enabled. Users need to log in via the identity provider prior to logging into FeedOtter.
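To confirm that the three values pasted into FeedOtter match what the IdP actually publishes, they can be cross-checked against the application's SAML metadata. The following is an added example, not FeedOtter or Microsoft code. It assumes you also downloaded the **Federation Metadata XML** from the **SAML Signing Certificate** section and that the **Login URL** corresponds to the HTTP-Redirect `SingleSignOnService` location; the `form` keys, the tenant ID and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
CERT_PATH = ("md:KeyDescriptor[@use='signing']/ds:KeyInfo/"
             "ds:X509Data/ds:X509Certificate")

def thumbprint(cert_text):
    """SHA-1 thumbprint (uppercase hex) of a PEM or bare Base64 certificate."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", cert_text)
    return hashlib.sha1(base64.b64decode(body, validate=True)).hexdigest().upper()

def idp_values(metadata_xml):
    """Extract issuer, login URL and signing-cert thumbprints from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    logins = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
              if s.get("Binding") == REDIRECT]
    return {"issuer": root.get("entityID"),
            "sso_url": logins[0] if logins else None,
            "thumbprints": {thumbprint(c.text) for c in idp.findall(CERT_PATH, NS)}}

def check_form(form, metadata_xml):
    """Return a list of mismatches between pasted form values and the metadata."""
    idp, problems = idp_values(metadata_xml), []
    for key in ("issuer", "sso_url"):
        if form[key].strip() != idp[key]:
            problems.append(f"{key}: {form[key]!r} != {idp[key]!r}")
    if thumbprint(form["certificate"]) not in idp["thumbprints"]:
        problems.append("certificate: thumbprint not among IdP signing certificates")
    return problems

# Constructed sample data: placeholder tenant ID and fake certificate bytes.
TENANT = "00000000-0000-0000-0000-000000000000"
B64 = base64.b64encode(b"constructed bytes, not a real certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/{TENANT}/"><IDPSSODescriptor
  protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <X509Data><X509Certificate>{B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="{REDIRECT}"
    Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
</IDPSSODescriptor></EntityDescriptor>"""
```

An empty list from `check_form` means the issuer, login URL and certificate agree with the metadata; the issuer comparison is exact, so a dropped trailing slash is reported as a mismatch.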

### Additional Tips

If you are running into trouble getting a connection, please try the following:

In Azure, clear out the "Sign on URL" input box and leave it empty. Only the Identifier and Reply URL should be filled.

![](https://api-na1.hubspot.com/filemanager/api/v2/files/185300334750/signed-url-redirect?portalId=44806402)

The Reply URL should be the assertion URL that looks similar to this:

```
https://app.feedotter.com/sso/saml2/22b404fe-....3a71c/acs
```

Please save this and try to initiate the login from inside the Azure UI.

It seems that adding the "Sign on URL" puts the application in SP-initiated mode rather than IdP-initiated mode.


