> ## Documentation Index
> Fetch the complete documentation index at: https://docs.beam.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Azure SSO Setup

> Configure Azure Single Sign-On integration with Beam AI platform for enterprise authentication

Configure Single Sign-On (SSO) with Azure Entra ID (formerly Azure Active Directory) to enable your team to access Beam using your organization's existing credentials.

## Prerequisites

Before configuring SSO, ensure you have:

* Administrative access to Microsoft Entra ID
* Administrative access to your Beam workspace
* Access to your organization's Azure tenant

<Info>
  **Authentication Method**: Beam uses SAML 2.0 for SSO integration with Azure Entra ID. This guide walks through the complete setup process in both Azure and Beam.
</Info>

## Configure Azure Entra ID

<Steps>
  <Step title="Go to Microsoft Entra ID">
    Log into the Azure Portal and navigate to **Microsoft Entra ID**.
  </Step>

  <Step title="On left Side bar you will see Enterprise Application open it">
    <Frame>
      <img src="https://mintcdn.com/beamai/tUbNiSLV6K1eNRa9/images/team-management-sso/1.png?fit=max&auto=format&n=tUbNiSLV6K1eNRa9&q=85&s=4cef896c4c6e82f2275d64e67a827754" alt="Enterprise Application" width="568" height="1254" data-path="images/team-management-sso/1.png" />
    </Frame>
  </Step>

  <Step title="Now click on a new application">
    <Frame>
      <img src="https://mintcdn.com/beamai/tUbNiSLV6K1eNRa9/images/team-management-sso/2.png?fit=max&auto=format&n=tUbNiSLV6K1eNRa9&q=85&s=9bc30ae4dc537d4f167346b3df01d88e" alt="New application" width="1600" height="212" data-path="images/team-management-sso/2.png" />
    </Frame>
  </Step>

  <Step title="Click on Create your own Application on side bar select option 3 and set application name">
    <Frame>
      <img src="https://mintcdn.com/beamai/tUbNiSLV6K1eNRa9/images/team-management-sso/3.png?fit=max&auto=format&n=tUbNiSLV6K1eNRa9&q=85&s=023fb93ae53fe9d193be4f638ba6d8d4" alt="Create your own Application" width="1600" height="212" data-path="images/team-management-sso/3.png" />
    </Frame>
  </Step>

  <Step title="Now application is created click on option 2. Set up single sign on">
    <Frame>
      <img src="https://mintcdn.com/beamai/tUbNiSLV6K1eNRa9/images/team-management-sso/4.png?fit=max&auto=format&n=tUbNiSLV6K1eNRa9&q=85&s=a6bf8f0827afe3670fe3787c78cab0f3" alt="Set up single sign on" width="3816" height="794" data-path="images/team-management-sso/4.png" />
    </Frame>
  </Step>

  <Step title="Now open single sign on from the left bar and choose SAML">
    <Frame>
      <img src="https://mintcdn.com/beamai/tUbNiSLV6K1eNRa9/images/team-management-sso/5.png?fit=max&auto=format&n=tUbNiSLV6K1eNRa9&q=85&s=abbfc4918431630114bbaf2f612dc8a4" alt="Choose SAML" width="3814" height="1488" data-path="images/team-management-sso/5.png" />
    </Frame>
  </Step>

  <Step title="Now edit basic SAML Configuration">
    **Identifier (Entity ID)**:

    ```
    urn:production:sp:beam:<workspaceID>
    ```

    **Reply URL**:

    ```
    https://app.beam.ai/api/auth/saml/callback
    ```

    <Frame>
      <img src="https://mintcdn.com/beamai/tUbNiSLV6K1eNRa9/images/team-management-sso/6.png?fit=max&auto=format&n=tUbNiSLV6K1eNRa9&q=85&s=00aa63830482bf169890e78bdb8c57b8" alt="Basic SAML Configuration" width="1600" height="728" data-path="images/team-management-sso/6.png" />
    </Frame>
  </Step>

  <Step title="Add these attributes and claims">
    <Frame>
      <img src="https://mintcdn.com/beamai/tUbNiSLV6K1eNRa9/images/team-management-sso/7.png?fit=max&auto=format&n=tUbNiSLV6K1eNRa9&q=85&s=c3a4cd1cb9a2bb58183e09d54c6d7c91" alt="Attributes and claims" width="1584" height="750" data-path="images/team-management-sso/7.png" />
    </Frame>
  </Step>

  <Step title="Download Federation Metadata XML and follow step 11">
    <Frame>
      <img src="https://mintcdn.com/beamai/tUbNiSLV6K1eNRa9/images/team-management-sso/8.png?fit=max&auto=format&n=tUbNiSLV6K1eNRa9&q=85&s=dcfbecd91da47fa7bfd70df09c856d0d" alt="Download Federation Metadata XML" width="1600" height="477" data-path="images/team-management-sso/8.png" />
    </Frame>
  </Step>
</Steps>

## Configure Beam Platform

<Steps>
  <Step title="Now go to app.beam.ai login into it open workspace settings from top left and click on SSO and do these entries and upload XML file">
    **Attribute Mappings**:

    ```
    email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    family_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
    name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    given_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    nickname: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nickname
    ```

    Upload the **Federation Metadata XML** file you downloaded from Azure.

    Click **Save** to enable SSO for your workspace.

    <Info>
      **SSO Activation**: Once saved, users can access Beam by clicking "Sign in with SSO" on the login page and entering their company email address.
    </Info>
  </Step>
</Steps>

## Testing Your SSO Setup

After configuration, test the SSO integration:

<Steps>
  <Step title="Test User Login">
    Log out of Beam (if currently logged in), navigate to [app.beam.ai](https://app.beam.ai), and click **Sign in with SSO**. Enter a user's company email address. The user should be redirected to Azure for authentication, then logged into Beam after successful Azure login.
  </Step>

  <Step title="Verify User Profile">
    Check that user profile information is correctly populated, verify email and name match the Azure profile, and confirm workspace access is granted appropriately.
  </Step>
</Steps>

## Troubleshooting

<AccordionGroup>
  <Accordion title="SSO login fails with 'Application not approved'">
    **Cause**: The Beam application may be blocked by your organization's Azure security policies.

    **Solution**:

    * Have an Azure administrator locate the Beam application in the Enterprise Applications list
    * Grant necessary permissions for the application
    * Ensure users or groups are assigned to the application
    * Verify the application is not blocked by Conditional Access policies
  </Accordion>

  <Accordion title="User attributes not mapping correctly">
    **Cause**: Attribute claim names in Azure don't match the expected format in Beam.

    **Solution**:

    * Verify the attribute mappings in Azure match exactly
    * Check that source attributes are available in user profiles
    * Re-download and re-upload the Federation Metadata XML file
    * Contact Beam support if issues persist
  </Accordion>

  <Accordion title="'Sign in with SSO' button not appearing">
    **Cause**: SSO configuration may not be saved correctly or needs time to propagate.

    **Solution**:

    * Verify SSO configuration is saved in Beam workspace settings
    * Wait 5-10 minutes for configuration to propagate
    * Clear browser cache and try again
    * Check that Federation Metadata XML was uploaded successfully
  </Accordion>

  <Accordion title="Users can't access Beam after Azure authentication">
    **Cause**: Users may not have workspace access or proper role assignments.

    **Solution**:

    * Ensure users are invited to the Beam workspace
    * Check user role assignments in workspace settings
    * Verify email addresses match between Azure and Beam invitations
    * Have users check spam/junk folders for invitation emails
  </Accordion>
</AccordionGroup>

## Next Steps

<CardGroup cols={2}>
  <Card title="Workspace Setup" icon="users" href="/01-getting-started/workspace-setup/workspace-setup">
    Configure workspace settings and invite team members
  </Card>

  <Card title="Quickstart Guide" icon="rocket" href="/01-getting-started/quickstart/quickstart">
    Build your first AI agent after SSO is configured
  </Card>
</CardGroup>