> For the complete documentation index, see [llms.txt](https://docs.arnica.io/arnica-documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.arnica.io/arnica-documentation/security/sso-integration/entra-id-integration.md).

# Entra ID Integration

## Entra integration instructions

By integrating Arnica with Entra single sign on (SSO) you can ensure that all users authenticating with Arnica are doing so through your organizations-managed Entra provisioning and de-provisioning.\
\
The setup of the integration requires taking steps on Arnica and Entra. Below are the details.

## Get organization ID in Arnica

1. Sign into Arnica <https://app.arnica.io/> and click on your avatar.

   <div align="center"><figure><img src="/files/OBA7Uv05ureMx3msSVtm" alt="" width="414"><figcaption></figcaption></figure></div>
2. Select *Edit Account*
3. Copy the *Organization ID* (we will call it `YOUR_ARNICA_ORGANIZATION_ID` in the next steps in this guide).

<div align="center"><figure><img src="/files/GYojD0RjqCHKGzMG4EnK" alt="" width="375"><figcaption></figcaption></figure></div>

## Add app integration in Entra <a href="#h_da97c7ef24" id="h_da97c7ef24"></a>

The following steps must be completed by a Cloud Application Administrator, or owner of the service principal:

1. Navigate to Microsoft's Entra admin center via the following URL: <https://entra.microsoft.com/>. This page will result in a 401 error if you do not have permissions.
2. Click on *Add* and select *Enterprise Application.*

<figure><img src="/files/ii6fPSQquXOODhOQeZiF" alt=""><figcaption></figcaption></figure>

3. You will then be redirect to Microsoft's Entra Gallery. Choose the option to *Create your own application.*

<figure><img src="/files/8XF17cGzJQTcIQzMH0a0" alt=""><figcaption></figcaption></figure>

4. Name the integration *Arnica* and choose the option to integrate with a *non-gallery application.*

<figure><img src="/files/lVM3zXSZINjrOw1w4u2Q" alt=""><figcaption></figcaption></figure>

5. Under *Getting Started* select *Set up single sign on.*

<figure><img src="/files/GF7pJ8DUl48UfpEfcANa" alt=""><figcaption></figcaption></figure>

6. Choose SAML as the Single sign-on method.

<figure><img src="/files/YmrGTuPyLZwmNmbTzd0s" alt=""><figcaption></figcaption></figure>

7. *Basic SAML configuration*\
   \&#xNAN;*A. Identifier (Entity ID)*: enter `urn:auth0:arnica-prod:{YOUR_ARNICA_ORGANIZATION_ID}`\
   &#x42;*. Reply URL*: enter `https://arnica-prod.us.auth0.com/login/callback?connection={YOUR_ARNICA_ORGANIZATION_ID}`\
   C. Leave the other fields with their default value.

<figure><img src="/files/7OPdw9BKY8ecvjpYYso2" alt=""><figcaption></figcaption></figure>

8. In “Attribute Statements”: add the following mappings (These statements may be included by default)

| Name            | Type | Value          |
| --------------- | ---- | -------------- |
| emailaddress    | SAML | user.mail      |
| givenname       | SAML | user.givenname |
| surname         | SAML | user.surname   |
| email\_verified | SAML | `true`         |

<figure><img src="/files/FPxtU2ho4ysmW5ii1Qud" alt=""><figcaption></figcaption></figure>

9. In "*Add a Group Claim"*: add the following mapping:\
   a. Set Group association to "*Groups assigned to the application"*\
   \&#xNAN;*b.* Change Source attribute to *"Cloud-only group display names"*

<figure><img src="/files/6toAT6rttD1L45JCx72j" alt=""><figcaption></figcaption></figure>

\
⚠️ **IMPORTANT**: This configuration will only pass groups that have been assigned to the Arnica SAML application.

10. *SAML Certificates*\
    A. Download a copy of your signing certificate (Base64)\
    B. Copy your login URL

<figure><img src="/files/UdjRxIicdri9Caqz1j6D" alt=""><figcaption></figcaption></figure>

9. Send the following to <support@arnica.io>.
   1. Subject: SSO Onboarding Request
   2. Email domain: the domain for which you would like to setup SSO, e.g., yourcompany.com
   3. Arnica Organization ID: your arnica organization ID obtained earlier.
   4. Login URL: the Login URL from the step above.
   5. Attach the Signing Certificate from the step above.
   6. Leave a contact phone number and available times for Arnica’s customer success to help with the onboarding process.
   7. We are typically fast at responding to these requests, but please allow up to 1-2 business days to get confirmation.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.arnica.io/arnica-documentation/security/sso-integration/entra-id-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.