# Single sign-on Single sign-on allows users to sign into your Kumu Enterprise instance using your existing SAML 2.0 identity provider. Here are a few links to the documentation for common providers: * [Microsoft Azure](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications) * [Google Suite](https://support.google.com/a/answer/6087519?hl=en) SSL must be enabled to use SSO to log into your instance. When setting up your app, you can use `Kumu` as the app name, and for the Entity ID, you should enter the following, replacing `example` with the subdomain of your instance: ``` https://example.kumuenterprise.com ``` For the Reply URL (Azure) or ACS URL (Google Suite), use the following, once again replacing `example` with the subdomain of your instance: ``` https://example.kumuenterprise.com/sso/saml/consume ``` Set the name identifier to `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` and provide attribute assertions for `email`, `firstName`, `lastName`, and `username`. If you do not provide a username one will be generated automatically from the email address. If you are using Enterprise Cloud, please provide Kumu with the following so we can configure your instance for you: * entity ID * service URL * base-64 encoded public certificate If you are self-hosting, please visit and sign in with your admin account. From your SSO provider, you can get an entity ID, service URL, and a base-64 encoded public certificate. Check the box to enable SSO for your enterprise instance and copy/paste those items into your instance's settings: ![Kumu Enterprise SSO settings](/files/txp2D9dUozSgPeijhdv8) With Kumu and your SSO provider configured, you can use your SSO provider to give users access to Kumu. Users can begin the sign-in flow by visiting the url below and clicking the "Sign in via single sign-on (SSO)" button: ``` https://example.kumuenterprise.com/login ``` ## Single sign-on with Azure If Microsoft Azure is your single sign-on provider, you can follow the instructions below to set up. 1. Click the "Azure Active Directory" button in the sidebar ![Azure SSO step 01](/files/lXOgaQ1ikd0GBpfKqGfM) 2. Click "Enterprise Applications" ![Azure SSO step 02](/files/NSeKk4KdUMYnaC2Y8I8q) 3. Click "+ New Application" ![Azure SSO step 03](/files/5IhytdCDkCFb03StRoqU) 4. Click "Non-gallery application" ![Azure SSO step 04](/files/wJ3FQxTfSIGxFqlxrnGx) 5. Enter "Kumu" for the name of the application ![Azure SSO step 05](/files/kyZMJ7eJQfnkBRkM3khm) 6. Click "Configure single sign-on" ![Azure SSO step 06](/files/RCW1jJTrwJgIY2aLuvjx) 7. Select "SAML-based Sign-on" ![Azure SSO step 07](/files/oKwKevJALWuxSAio5Ysz) 8. Enter the "Kumu Domain and URLs" for your organization (provided by Kumu) ![Azure SSO step 08](/files/iuZuLgfnggTy5qgXwLJh) 9. Select "user.mail" for the user identifier ![Azure SSO step 09](/files/RXxnJ1hB1OSrWfaYnC8c) 10. Download the SAML signing certificate (Base 64) ![Azure SSO step 10](/files/vdHaSlhwlYrN5kS8MkMQ) 11. Click "Configure Kumu" ![Azure SSO step 11](/files/9z2FIYQ3Wr5fuD0AKnG5) 12. Copy the service url, entity id, and public certificate over to your organization's SSO settings in Kumu: ![Azure SSO step 12](/files/vVWUcNabjtyYx7gFxYeZ) ![Azure SSO step 12.5](/files/GZZ84p8wRiEcckqhPHsZ) 13. Within Azure AD, assign users to the Kumu app you just created to enable SSO ![Azure SSO step 13](/files/hKe8DW1Wi131ubLYCLqc) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.kumu.io/enterprise/single-sign-on.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.