# How do I set up SAML SSO with Microsoft? In this article, you will get a step-by-step guide to setting up SAML SSO, provided you are using Microsoft as your identity provider. If you are looking for instructions on setting up the SSO login at sipgate,[ you can find them here.](https://help.sipgate.de/hc/de/articles/13437518031645-Wie-richte-ich-einen-SSO-Login-f%C3%BCr-mein-Unternehmen-ein-) {% stepper %} {% step %} **Open identity section** In the first step, log in to your Microsoft account as an admin and select in the right-hand menu: **Show all -->** **Identity** . ![sipgate-help-center-SSO-Microsoft1.png](/files/7f7a9ef22bf9a901a1970718d9d4bada8973527d) {% endstep %} {% step %} **Create application** In the Entra Admin Center, go to the right-hand menu, select **Applications** and then click on **Create your own application**. ![sipgate-help-center-SSO-Microsoft2.png](/files/8dd523ad7e80e4ddf99c2985da2a1894d834c9b6) After a new window has opened on the right-hand side, you can enter any name that **sipgate** should be included. The remaining settings can be left unchanged at the default settings. Finally, click the **Create**. ![sipgate-help-center-SSO-Microsoft3.png](/files/db9734f1b773927305c0b38b00fefad3c8765937) {% endstep %} {% step %} **Select SSO method** The sipgate application was created successfully. You can find it under **Applications --> Overview** . In the next step, go to **Set up SSO**. ![sipgate-help-center-SSO-Microsoft4.png](/files/14129513bd8a1734d1046325366b33d69921db4a) Click under **Select SSO method** on **SAML**. ![sipgate-help-center-SSO-Microsoft5.png](/files/fa739451466be75865f898369390f9e5a36fa208) {% endstep %} {% step %} **Import IdP data** In the following step, you will receive an overview of the setup steps as well as all the required data for configuring the SSO setup at sipgate. This data includes the **SSO URL**, the **Entity ID** and the **Certificate**. To transfer this data to your sipgate account, go to point 4 in the overview **Set up sipgate** and copy the following information: the **Login URL** (**SSO URL**) and the **Azure AD identifier** (**Entity ID**). ![sipgate-help-center-SSO-Microsoft6.png](/files/ca43bfc8622757b2335b281d9e948586cf9116cb) {% endstep %} {% step %} **Enter certificate** In point 3 **SAML certificates** proceed as follows: Click on **Edit** and select **SAML signing certificate**. Then open the certificate's context menu and download the **Base64 certificate** . ![sipgate-help-center-SSO-Microsoft8.png](/files/bba0831bf70a93f5d29168615d1e3a3b55c3f7e2) Open the certificate with the default text editor (file with the extension '.cer'). Copy the certificate text from the editor and paste it into sipgate under **Certificate** . {% endstep %} {% step %} **Enter SP data** Go to point 1 **Basic SAML configuration** and click on **Edit**. Enter the following data from the SSO area in sipgate (service provider data): **Entity-Id --> Entity ID and ACS URL --> Reply URL (Assertion Consumer Service URL)** and click on **Save**. ![sipgate-help-center-SSO-Microsoft10.png](/files/4e0fb8d2d1652e3fbcbe5afc8ad7d2c88eb38431) {% endstep %} {% step %} **Assign users** In the next step, go to the left-hand navigation menu and select **Users and groups** **-->** **Add user/group** . ![sipgate-help-center-SSO-Microsoft11.png](/files/c75114176713c101fe8621c2cc3f1626d9abdf7b) To select specific users or groups for SSO use, click under **Users and groups** on **None selected**. ![sipgate-help-center-SSO-Microsoft12.png](/files/1afac2b5d1d3cc91cabe39b4350a6fb1faf654fa) Here you have the option to select the groups or users for your SSO application. ![sipgate-help-center-SSO-Microsoft13.png](/files/2b76f4b853eb2f32cc9cbf20e3c14a56be8702d0) In the final step, click on **Assign.** ![sipgate-help-center-SSO-Microsoft14.png](/files/7195150c758553e3bf7643afc7041d6f314a770c) {% endstep %} {% step %} **Enable SSO at sipgate** Once you have successfully completed these steps, the interface between sipgate and Microsoft should be set up. You can then activate the SSO login via the toggle in sipgate. ![sipgate help center SSO7.3.png](/files/38dab78462641afbd757a7da853048c8733600f4) {% endstep %} {% endstepper %} #### Errors and solutions
Error message: "An error has occurred. Please try again. Back to login." **Cause**: The sipgate web user with Microsoft SSO was deleted and created as a new sipgate web user. In the Microsoft SSO database, the old sipgate web user is still linked.\ **Workaround**: ask sipgate support to delete the Microsoft SSO entry so that the next Microsoft SSO login works.\ **Solution**: We are working on a solution so that when a sipgate web user is deleted, the Microsoft SSO deletion is also carried out.\ \ **Error**: SSO login does not work with the error “AADSTS750054: SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding.”\ **Cause**: unknown\ **Suggested solution**: Open in the browser, e.g. Chrome [sipgate.de](http://sipgate.de) , via F12 switch to the **Network** tab, then log in to sipgate via SSO and look in the network tab for the POST request to our ACS URL (contains `sipgate-sso-` and the customer number), and send us the SAMLResponse there via sipgate support
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.sipgate.de/cloud-telefonanlage/en/account-management/login/wie-richte-ich-saml-sso-mit-microsoft-ein.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.