# How to set up SSO SAML 2.0 with Azure

Single Sign-On (SSO) is an authentication method that enables users to securely log in to various applications, platforms, or websites using a single set of credentials. SSO functions based on a trust relationship between a service provider application and an identity provider (IdP) such as Google, Okta, OneLogin, or Microsoft AD FS. This trust is typically established through a certificate exchanged between the IdP and the service provider:

![](https://ucarecdn.com/30154efc-90bc-4d18-b0f0-9e81c519bf5c/image.png)

Benefits of using SSO:

* Users sign in with existing credentials. They type passwords less often.
* Your IdP stays the source of truth for authentication.
* You do not need to sync passwords with the IdP.

In DocStudio, you can configure Single Sign-On to allow employees to access DocStudio through their Identity Provider (IdP), removing the need for passwords during the login process, ensuring secure and quick access.

DocStudio's single sign-on system is based on Security Assertion Markup Language 2.0 (SAML 2.0), which is the leading industry standard for exchanging authentication and authorisation data across web applications.

{% columns %}
{% column %}
In the **'Integrraions'** tab, you can add your SSO providers to set up SSO authentication for corporate users. To **'Create an SSO provider'**, click on the corresponding button and complete the fields in the modal window:
{% endcolumn %}

{% column %}

<figure><img src="/files/CxSxmwamVGBotfsqEhRw" alt=""><figcaption></figcaption></figure>

{% endcolumn %}
{% endcolumns %}

You can choose the type of metadata (URL or XML). After filling out the details, click the <img src="/files/F0ede5xeVlYuP0oLQGBt" alt="" data-size="line"> button.

The providers added this way can be edited ![pencil](https://wiki.edin.ua/uk/latest/_images/Work_with_WD_064.png) or deleted ![trash](https://wiki.edin.ua/uk/latest/_images/Work_with_WD_066.png) (although deletion requires confirmation)

![](https://ucarecdn.com/4d0c7c91-04db-431c-8221-1dd662d50e6c/image_-_2025-05-08T112557.857.png)

### **Configuring on the Azure Side**

To proceed, register the application in the **Azure Active Directory (Azure AD)** with a corporate identity management administrator account.

<figure><img src="/files/UnVBKHTl7D1JbKN30emH" alt=""><figcaption></figcaption></figure>

Then navigate to the menu and go to ‘Enterprise apps’ -> ‘New app’ -> ‘Create a custom app’

<figure><img src="/files/UHEuOzGRR6DaGfxDMCfu" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/QUcFhkJWbEFfI3Hh2zUd" alt=""><figcaption></figcaption></figure>

Once the application is added and visible in the ‘Enterprise apps’ list.\
\
Configure SAML (Single Sign-On options) by selecting ‘Single sign-on’ in the ‘Management’ section and then choosing SAML.

<figure><img src="/files/SIvMyg63Cy1ZVXhIt0X8" alt=""><figcaption></figcaption></figure>

Next, you need to configure the Single Sign-on parameters

Basic SAML Configuration

* Identifier (Entity ID) = <https://api.docstudio.com/saml/metadata>
* Response URL = <https://api.docstudio.com/saml/SSO>

<figure><img src="/files/7AltxybPPdE4pB9pJxg5" alt=""><figcaption></figcaption></figure>

{% columns %}
{% column %}
After adding the URLs and saving the basic configuration, these settings will be available in the system:

* **Attributes and Validations**
* **SAML certificates**
  {% endcolumn %}

{% column %}

{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column width="50%" %}
You will need to configure the SSO connection in DocStudio as follows

* **First Name Match = user.givenname**
* **Surname Match = user.surname**
* **Phone number match = user.mail**

{% hint style="info" %}
These settings may vary depending on your Active Directory (AD) configuration
{% endhint %}
{% endcolumn %}

{% column width="50%" %}

<figure><img src="/files/2YzDeX46Mrb7pqRekEgc" alt="" width="311"><figcaption></figcaption></figure>
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
In the **SAML Certificates** section, upload the XML file.
{% endcolumn %}

{% column %}

{% endcolumn %}
{% endcolumns %}

To finish the setup in DocStudio, select **XML** as the metadata type.

Copy the content from your Azure metadata file, paste it into the **SSO XML field**, and click the <img src="/files/F0ede5xeVlYuP0oLQGBt" alt="" data-size="line"> button.

{% hint style="info" %}
Don’t forget to enable access for your users on the Azure side and enable SSO in the Domain settings
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://support.docstudio.com/admin-panel/account-settings/how-to-set-up-sso-saml-2.0-with-azure.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.