# Single sign-on

Single sign-on allows users to sign into your Kumu Enterprise instance using your existing SAML 2.0 identity provider.

Here are a few links to the documentation for common providers:

* [Microsoft Azure](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications)
* [Google Suite](https://support.google.com/a/answer/6087519?hl=en)

SSL must be enabled to use SSO to log into your instance.

When setting up your app, you can use `Kumu` as the app name, and for the Entity ID, you should enter the following, replacing `example` with the subdomain of your instance:

```
https://example.kumuenterprise.com
```

For the Reply URL (Azure) or ACS URL (Google Suite), use the following, once again replacing `example` with the subdomain of your instance:

```
https://example.kumuenterprise.com/sso/saml/consume
```

Set the name identifier format to `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` and provide attribute assertions for `email`, `firstName`, `lastName`, and `username`. If you do not provide a username, one will be generated automatically from the email address.
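Before rolling SSO out to users, it helps to capture one test response from your identity provider and confirm it carries the values described above. The following is an added example, not Kumu's own code: it checks a base-64-decoded SAML response against the Entity ID, ACS URL, name identifier format and attribute names given on this page. The function names and both sample responses are constructed for illustration, and the script does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
REQUIRED = ("email", "firstName", "lastName")  # username is optional per this page

def check_response(xml_text, subdomain):
    """List mismatches between a decoded SAML response and the SP settings above."""
    entity_id = f"https://{subdomain}.kumuenterprise.com"
    acs_url = f"{entity_id}/sso/saml/consume"
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination != ACS URL")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not persistent")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient != ACS URL")
    audiences = {a.text for a in root.iterfind(".//a:Audience", NS)}
    if entity_id not in audiences:  # exact match: a trailing slash counts as a mismatch
        problems.append("Audience != Entity ID")
    names = {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)}
    problems += [f"missing attribute {n}" for n in REQUIRED if n not in names]
    return problems

def sample(acs, audience, fmt, attrs):
    """Build a constructed, unsigned response for the demo (not real IdP output)."""
    attr_xml = "".join(f'<a:Attribute Name="{n}"><a:AttributeValue>x'
                       f'</a:AttributeValue></a:Attribute>' for n in attrs)
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{acs}">'
            f'<a:Assertion><a:Subject><a:NameID Format="{fmt}">u-123</a:NameID>'
            f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{acs}"/>'
            f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
            f'<a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>'
            f'<a:AttributeStatement>{attr_xml}</a:AttributeStatement></a:Assertion></p:Response>')

ACS = "https://example.kumuenterprise.com/sso/saml/consume"
GOOD = sample(ACS, "https://example.kumuenterprise.com", PERSISTENT,
              ["email", "firstName", "lastName"])
# Constructed misconfiguration: wrong NameID format, trailing slash, no lastName.
BAD = sample(ACS, "https://example.kumuenterprise.com/",
             "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
             ["email", "firstName"])

if __name__ == "__main__":
    print(check_response(GOOD, "example"))
    print(check_response(BAD, "example"))
```

An empty list means the response matches the settings on this page; each string in a non-empty list names one setting to correct on the identity provider side.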

If you are using Enterprise Cloud, please provide Kumu with the following so we can configure your instance for you:

* entity ID
* service URL
* base-64 encoded public certificate

If you are self-hosting, please visit <https://example.com/enterprise/admin/settings> and sign in with your admin account. From your SSO provider, you can get an entity ID, service URL, and a base-64 encoded public certificate. Check the box to enable SSO for your enterprise instance and copy/paste those items into your instance's settings:

![Kumu Enterprise SSO settings](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-e3fdbc6cebd5c55903b4f585a9ecaf4d3b26378f%2Fenterprise-sso.png?alt=media)

With Kumu and your SSO provider configured, you can use your SSO provider to give users access to Kumu. Users can begin the sign-in flow by visiting the URL below and clicking the "Sign in via single sign-on (SSO)" button:

```
https://example.kumuenterprise.com/login
```

## Single sign-on with Azure

If Microsoft Azure is your single sign-on provider, you can follow the instructions below to set it up.

1. Click the "Azure Active Directory" button in the sidebar

   ![Azure SSO step 01](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-7b31976c4250d4a55502ebb5558186df2fe86a91%2F01.png?alt=media)
2. Click "Enterprise Applications"

   ![Azure SSO step 02](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-96ffcbcd3a18546211bc3a5a63d16c6dd016ae35%2F02.png?alt=media)
3. Click "+ New Application"

   ![Azure SSO step 03](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-33a8c83f95993aea4f725af624955d13f89074c6%2F03.png?alt=media)
4. Click "Non-gallery application"

   ![Azure SSO step 04](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-28a26eb52d98392431ce0927bad28e7352fa3632%2F04.png?alt=media)
5. Enter "Kumu" for the name of the application

   ![Azure SSO step 05](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-e0dc2de61628ae959a9f0520a43889a897e1fc60%2F05.png?alt=media)
6. Click "Configure single sign-on"

   ![Azure SSO step 06](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-b2142eb677e5cf7eb5e07b6341461cee0a14b389%2F06.png?alt=media)
7. Select "SAML-based Sign-on"

   ![Azure SSO step 07](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-34db1a2f1e335e4a62fc2a720073e41f615771b9%2F07.png?alt=media)
8. Enter the "Kumu Domain and URLs" for your organization (provided by Kumu)

   ![Azure SSO step 08](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-9813bd8d35fdb75c4fcf8672b2d2094b38af57e7%2F08.png?alt=media)
9. Select "user.mail" for the user identifier

   ![Azure SSO step 09](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-002fd512fbef49c298c75c8f599d9c679a908edf%2F09.png?alt=media)
10. Download the SAML signing certificate (Base 64)

    ![Azure SSO step 10](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-beba807477ed65f30f4e3df8c81367278f5f16c1%2F10.png?alt=media)
11. Click "Configure Kumu"

    ![Azure SSO step 11](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-d493503764a6341084fdab15cd10c10c75610f01%2F11.png?alt=media)
12. Copy the service URL, entity ID, and public certificate over to your organization's SSO settings in Kumu:

    ![Azure SSO step 12](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-e1371ce4808035a095555d78368b15f85cce7078%2F12.png?alt=media)

    ![Azure SSO step 12.5](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-e3fdbc6cebd5c55903b4f585a9ecaf4d3b26378f%2F13.png?alt=media)
13. Within Azure AD, assign users to the Kumu app you just created to enable SSO

    ![Azure SSO step 13](https://1181816445-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkXSW1nEf49ISqGxYuRfS%2Fuploads%2Fgit-blob-ad3227f6628dfa60ca3dc34d13a7098c0305fd0a%2F14.png?alt=media)
