# SSO using Microsoft Entra ID
An Microsoft Entra ID user needs to be added to the desired workspace to allow the connection to the DinMo app
### In the Microsoft Entra ID Dashboard
#### Step 1: Create a custom SAML application for DinMo
1. Sign in your Microsoft Entra account as an admin
2. Go to the **Entreprise apps** and click on **New application**
3. Click on "**Create your own application**"
4. Enter a name (`DinMo App` for example) and click on **Create** and your app will be created
5. From this screen, click on **Set up single sign on**
6. Choose SAML
7. In this screen, choose **Edit** to specify the `Identifier` and the `Reply URL`
* Identifier (Entity ID):
* Reply URL:
8. Configure the Attributes & Claims section
{% hint style="warning" %}
**Important**: You must configure the Attributes & Claims section, specifically the **Unique User Identifier**, as it is mapped to DinMo's Firebase NameID field and must contain a valid email address.
{% endhint %}
To do so, change source attribute to `user.mail` and click **Save**.
A good configuration looks like that:
#### Step 2: Assign people to your SAML app
The same email address must also exist and be authorized in the customer's Identity Provider (IdP).
In your Microsoft Entra ID app, you need to add users that will access DinMo app.
* From **Users and Groups** menu entry and click on **Add user/group**
* Click on **Users/None selected**
* Add the users who should be allowed to connect to the application.
### In the DinMo Application
#### Step 3: Configure Microsoft Entra in DinMo
1. Sign in to your [DinMo workspace](https://app.dinmo.io) as an organization admin
2. Go to your organization management space
* Click on your workspace name in the top left navigation menu.
* Select **Manage Workspaces**.
* Go to the **SSO Configuration** tab.
3. Click on the **Microsoft Entra** logo
4. Fill in the Authentification Settings:
* Login URL
* Microsoft Entra Identifier
* Download the certificat (Base 64) to access the code to copy/paste on our form
5. Click **Save**
6. Collect the generated values:
* **DinMo’s Entity ID**
* **DinMo’s Callback URL**
* **Your Portal URL**: The URL used to connect to your DinMo workspace through SSO.
#### **Step 4: Limit Access to Authorized Users (Optional)**
For additional security, you can restrict access to your DinMo workspace to authorized users only in your IdP. To enable this, toggle the **Enable SAML-only authentication** option.
***
{% hint style="success" %}
:tada: Congratulations! You have successfully enabled SSO for all your DinMo account workspaces.
{% endhint %}
### Connecting to a workspace using SSO
#### Method 1: using DinMo sign-in
* Go to
* Click on "Continue with SSO"
* Enter your **SSO Portal Key**
* Validate your connection with Microsoft Entra
#### Method 2: using your specific URL
* Go to [https://app.dinmo.io/sso?key=your\_key](https://app.dinmo.io/sso?key=dinmo)
* Validate your connection with Microsoft Entra
.png?alt=media&token=c2031837-ab7b-44a5-b319-dc31c79dc025)
.png?alt=media&token=c4b9495a-99c4-4162-bb2a-aa654e2613de)
.png?alt=media&token=55862c1c-a372-487a-b162-55a61eeb8426)
.png?alt=media&token=c16199e8-08b6-4a93-bf5f-f76be47040d4)
.png?alt=media&token=df027cc3-6956-47e9-bb66-24170a6cb6ee)
.png?alt=media&token=c217a6b8-d440-4027-b315-10a197ab922c)
.png?alt=media&token=77fb6730-5a2a-4762-9643-dfc8ade52378)
