> ## Documentation Index
> Fetch the complete documentation index at: https://docs.siderolabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure Entra ID for Omni

> Set up Microsoft Entra ID (Azure AD) as a SAML identity provider for Omni.

This guide walks through registering Omni as a SAML application in Microsoft Entra ID and collecting the metadata URL needed to complete the Omni configuration.

## Step 1: Create a new enterprise application

In the Azure portal, navigate to **Enterprise Applications** and click **New Application**. Search for **Entra SAML Toolkit**, optionally rename the application to something more descriptive, then click **Create**.

## Step 2: Configure Single Sign-On

Under the **Manage** section of the application, select **Single sign-on**, then choose **SAML** as the sign-on method.

In the **Basic SAML Configuration** section, enter the following URLs and click **Save**.

| Field                                      | Value                                 |
| ------------------------------------------ | ------------------------------------- |
| Identifier (Entity ID)                     | `https://<omni-domain>/saml/metadata` |
| Reply URL (Assertion Consumer Service URL) | `https://<omni-domain>/saml/acs`      |
| Sign on URL                                | `https://<omni-domain>/login`         |

Replace `<omni-domain>` with the domain name of your Omni instance.

## Step 3: Copy the App Federation Metadata URL

In the **SAML Signing Certificate** section, copy the **App Federation Metadata URL**. You will need this when configuring Omni in the next section.

## Step 4: Assign users and groups

Under the **Manage** section of the application, select **Users and groups**. Add any users or groups that should have access to your Omni environment.