Hey folks! We are answering frequently asked questions from the Okta Customer Identity Cloud community, and today we are going to discuss how to set up Azure AD as a SAML Enterprise connection. Let's get started.

Using a SAML type connection with Azure is considered the most flexible of the available connection types because it supports optional claims and federated logouts. If you need both of these features, SAML is the only connection type that supports both simultaneously.

We are going to start on the Azure side. Open Enterprise Applications and click on New Application. Now, we are going to click on Create your own application. Provide a name for the application. Under the "What are you looking to do with your application?" section, I will leave this set to "Integrate any other application you don't find in the gallery (Non-gallery)", and then click Create.

Now, we will set up single sign-on. For "Select a single sign-on method", click on SAML. Edit the Basic SAML Configuration under Step 1. Add the Identifier as urn:auth0:TENANT_NAME:CONNECTION_NAME. At this point, we don't have a connection created on the Auth0 side, so we will choose our name for that here. In this example, we'll name this connection Azure via SAML. Next is the Reply URL, or Assertion Consumer Service URL. Enter the URL for your Auth0 domain followed by /login/callback, and include a connection parameter equal to the name that we're going to set up for our Auth0 connection. Click Save.

Download the Base64 certificate under Step 3, SAML Certificates. Copy the Login URL value from Step 4.

Now, we are ready to create the connection on the Auth0 side. On the dashboard, go to Authentication, Enterprise, select SAML, and create a connection. Make sure to use the same name that was used on the Azure side. We are going to set the Sign In URL and the Sign Out URL to the value that we copied previously on the Azure side.
Upload the X.509 signing certificate that we downloaded from the Azure side and click on Create.

Before we test this connection, we need to enable at least one application. On the Applications tab, enable an application. Then we can go back out here to our list of SAML connections. Click on the three dots and then click on Try, and you will see a confirmation that it worked.

So now that we have our SAML connection with Azure, let's look into how we can map some additional attributes on the Azure side to the Auth0 profile. First, we will want to make sure that the advanced setting "Sync user profile attributes at each login" is enabled. This will make it so that if any attribute values change on the Azure side, they will be updated on the Auth0 profile on their next login.

Next, we can go back to the Azure page for our application and click on Set up single sign on. Then we will go to the second section, named Attributes & Claims, and click on Edit. We can see that there are already claims being sent by default, but let's say we wanted to include the company name as another claim. We will click on Add New Claim and give it a name. Fill in the standard namespace URI. Click on the drop-down list for the source attribute, click on user.companyname, and click Save.

On the Auth0 side, select the Mappings tab and click the Show Full Mappings example. We will see that many claims are mapped by default on the Auth0 side, but the company name is not, so we will need to add that in the section above. On the left side, we will put what we want the name of the attribute to be on the Auth0 profile. On the right side, we will put the name of the incoming SAML attribute, and click Save. Now, when users log in, if they have a company name associated with their Azure profile, it will come through and be matched to the Auth0 profile.

Today, we looked at how to set up Azure AD as a SAML Enterprise connection.

If you found this video helpful, please like and subscribe to us on YouTube and join us for more content on community.auth0.com.
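
The Identifier and Reply URL entered on the Azure side both have to carry the same connection name that is later used on the Auth0 side. The following is an added example, not from the video or from Auth0, that checks a pair of Azure values against the intended tenant, domain and connection; the function names and all sample values (including the hyphenated connection name) are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

def check_azure_saml_config(identifier, reply_url, tenant, domain, connection):
    """Return a list of mismatches between the Azure 'Basic SAML Configuration'
    values and the Auth0 connection they are meant for (empty list = consistent)."""
    problems = []

    # Identifier (Entity ID) is expected as urn:auth0:TENANT_NAME:CONNECTION_NAME
    parts = identifier.split(":")
    if len(parts) != 4 or parts[:2] != ["urn", "auth0"]:
        problems.append("identifier is not urn:auth0:TENANT_NAME:CONNECTION_NAME")
    else:
        if parts[2] != tenant:
            problems.append(f"identifier tenant {parts[2]!r} != {tenant!r}")
        if parts[3] != connection:
            problems.append(f"identifier connection {parts[3]!r} != {connection!r}")

    # Reply URL (ACS) is https://DOMAIN/login/callback?connection=CONNECTION_NAME
    url = urlsplit(reply_url)
    if url.scheme != "https":
        problems.append("reply URL does not use https")
    if (url.hostname or "") != domain.lower():
        problems.append(f"reply URL host {url.hostname!r} != {domain!r}")
    if url.path != "/login/callback":
        problems.append(f"reply URL path {url.path!r} != '/login/callback'")
    conn_param = parse_qs(url.query).get("connection", [])
    if conn_param != [connection]:
        problems.append(f"reply URL connection parameter {conn_param!r} != {connection!r}")
    return problems

# Constructed sample values (assumptions, not taken from the video).
TENANT = "example-tenant"
DOMAIN = "example-tenant.us.auth0.com"
CONNECTION = "azure-via-saml"

GOOD = ("urn:auth0:example-tenant:azure-via-saml",
        "https://example-tenant.us.auth0.com/login/callback?connection=azure-via-saml")
# Connection name differs in the identifier; reply URL is http and lacks the parameter.
BAD = ("urn:auth0:example-tenant:AzureSAML",
       "http://example-tenant.us.auth0.com/login/callback")

if __name__ == "__main__":
    for label, (ident, reply) in (("good", GOOD), ("bad", BAD)):
        issues = check_azure_saml_config(ident, reply, TENANT, DOMAIN, CONNECTION)
        print(label, "->", issues or "consistent")
```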