> For the complete documentation index, see [llms.txt](https://help.sipgate.de/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.sipgate.de/cloud-telefonanlage/en/account-management/login/wie-richte-ich-saml-sso-mit-microsoft-ein.md).
# How do I set up SAML SSO with Microsoft?
In this article you will receive a step-by-step guide to setting up SAML SSO, provided you use Microsoft as your identity provider. If you are looking for instructions for setting up the SSO login at sipgate,[ find them here.](https://help.sipgate.de/hc/de/articles/13437518031645-Wie-richte-ich-einen-SSO-Login-f%C3%BCr-mein-Unternehmen-ein-)
{% stepper %}
{% step %}
**Open Identity section**
In the first step, log in as an admin to your Microsoft account and select in the right-hand menu: **Show all -->** **Identity** out.
{% endstep %}
{% step %}
**Create application**
In the Entra Admin Center, go to the right-hand menu, select **Applications** and then click on **Create your own application**.
After a new window has opened on the right side, you can enter any name that should be included. **sipgate** The remaining settings can be left unchanged at the default settings. Finally, click the button **Create**.
{% endstep %}
{% step %}
**Choose SSO method**
The sipgate application has been created successfully. You can find it under **Applications --> Overview** find it. In the next step, go to **Set up SSO**.
Click under **Select SSO method** on **SAML**.
{% endstep %}
{% step %}
**Transfer IdP data**
In the next step, you will see an overview of the setup steps as well as all required data for configuring the SSO setup at sipgate. This data includes the **SSO URL**, the **Entity ID** and the **certificate**.
To transfer this data to your sipgate account, go to point 4 in the overview **Set up sipgate** and copy the following information: the **Login URL** (**SSO URL**) and the **Azure AD identifier** (**Entity ID**).
{% endstep %}
{% step %}
**Enter certificate**
In point 3 **SAML certificates** proceed as follows: Click on **Edit** and select **SAML signing certificate**. Then open the certificate's context menu and download the **Base64 certificate** .
Open the certificate with the default text editor (file with the extension '.cer'). Copy the text of the certificate from the editor and paste it into sipgate under **certificate** in.
{% endstep %}
{% step %}
**Enter SP data**
Go to point 1 **Basic SAML Configuration** and click **Edit**. Enter the following data from the SSO area in sipgate (Service Provider data) as follows: **Entity-Id --> Entity ID and ACS URL --> Reply URL (Assertion Consumer Service URL)** and click **Save**.
{% endstep %}
{% step %}
**Assign users**
In the next step, go to the left navigation menu and select **Users and groups** **-->** **Add user/group** out.
To select specific users or groups for SSO use, click under **Users and groups** on **None selected**.
Here you have the option to select the groups or users for your SSO application.
In the last step, click on **Assign.**
{% endstep %}
{% step %}
**Enable SSO at sipgate**
Once you have successfully completed these steps, the interface between sipgate and Microsoft should be set up. You can then activate the SSO login via the toggle at sipgate.
{% endstep %}
{% endstepper %}
#### Errors and solutions
Error message: "An error has occurred. Please try again. Back to login."
**Cause**: The sipgate web user with Microsoft SSO was deleted and recreated as a new sipgate web user. In the Microsoft SSO database, the old sipgate web user is still linked.\
**Workaround**: ask sipgate Support to delete the Microsoft SSO entry so that the next Microsoft SSO login works.\
**Solution**: We are working on a solution so that when a sipgate web user is deleted, the Microsoft SSO deletion is also performed.\
\
**Error**: SSO login does not work with error “AADSTS750054: SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding.”\
**Cause**: unknown\
**Solution approach**: Open in the browser e.g. Chrome [sipgate.de](http://sipgate.de) open, via F12 on the **Network** tab, then log in to sipgate via SSO and in the network tab search for the POST request to our ACS URL (contains `sipgate-sso-` and the customer number), and send us the SAMLResponse there via sipgate Support
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://help.sipgate.de/cloud-telefonanlage/en/account-management/login/wie-richte-ich-saml-sso-mit-microsoft-ein.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.