# Azure AD SSO Setup

> Configure Single Sign-On with Azure AD (Entra ID)

## Required Information

To enable Azure AD login for Devin, we will need to collect the following values:

* Client ID
* Tenant ID
* Client Secret
* Microsoft AD Domain
* Identity Provider Domains (i.e. all company email domains you'd like to support)

## Setup Instructions

To get the required information above, you will need to create an App Registration in Azure AD (Entra ID).

In the Entra ID portal, click on "Add registration".

<img src="https://mintcdn.com/cognitionai-enterprise/DmYrokVm9aKGrUsO/images/azureAD1.png?fit=max&auto=format&n=DmYrokVm9aKGrUsO&q=85&s=d7234bf5a3c9fbba87144d2365222989" alt="Azure AD Registration" width="2218" height="1638" data-path="images/azureAD1.png" />

Name the registration "Devin AI". Select "Accounts in this organizational directory only". Set the Redirect URI to "[https://auth.devin.ai/login/callback](https://auth.devin.ai/login/callback)" (this is the only Redirect URI needed).

<img src="https://mintcdn.com/cognitionai-enterprise/DmYrokVm9aKGrUsO/images/azureAD2.png?fit=max&auto=format&n=DmYrokVm9aKGrUsO&q=85&s=285192fc843a9cab079596fa8d926c71" alt="Azure AD App Settings" width="1842" height="1460" data-path="images/azureAD2.png" />

Select "API Permissions", then "Add a permission", and add the User.Read and Directory.Read.All permissions for the Microsoft Graph API.

<img src="https://mintcdn.com/cognitionai-enterprise/DmYrokVm9aKGrUsO/images/azureAD5.png?fit=max&auto=format&n=DmYrokVm9aKGrUsO&q=85&s=31525563b21a20158bfe8f6568819f25" alt="Azure AD API Permissions" width="2798" height="1256" data-path="images/azureAD5.png" />

<img src="https://mintcdn.com/cognitionai-enterprise/DmYrokVm9aKGrUsO/images/azureAD6.png?fit=max&auto=format&n=DmYrokVm9aKGrUsO&q=85&s=94c7f690b37dc19501b5af6dac7a146c" alt="Azure AD Graph Permissions" width="2780" height="1440" data-path="images/azureAD6.png" />

## Collecting the Required Values

You can get the Client ID and Tenant ID from the Overview page.

<img src="https://mintcdn.com/cognitionai-enterprise/DmYrokVm9aKGrUsO/images/azureAD7.png?fit=max&auto=format&n=DmYrokVm9aKGrUsO&q=85&s=66f787fc382bf359a099a9af5a94a558" alt="Azure AD Overview Page" width="2360" height="806" data-path="images/azureAD7.png" />

The Microsoft AD Domain can be found by selecting the "Manifest" page and looking for "publisherDomain".

<img src="https://mintcdn.com/cognitionai-enterprise/DmYrokVm9aKGrUsO/images/azureAD8.png?fit=max&auto=format&n=DmYrokVm9aKGrUsO&q=85&s=00103842106a2ee761dc52ea09a6c60a" alt="Azure AD Manifest" width="2994" height="1656" data-path="images/azureAD8.png" />

Add a client secret by selecting "Certificates & secrets". Select "New client secret" and copy the secret VALUE (not the secret ID) as the Client Secret.

<img src="https://mintcdn.com/cognitionai-enterprise/DmYrokVm9aKGrUsO/images/azureAD9.png?fit=max&auto=format&n=DmYrokVm9aKGrUsO&q=85&s=d7071ba8ecc5f574ea02a40e1821f8ec" alt="Azure AD Client Secret" width="2990" height="1206" data-path="images/azureAD9.png" />
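A pre-send check of the collected values against the registration's manifest, as an added example that is not part of the original page or of Cognition's tooling. The dictionary keys (`client_id`, `tenant_id`, `client_secret`, `ad_domain`) and the sample data are constructed; `signInAudience`, `web.redirectUris` and `replyUrlsWithType` are manifest fields from Microsoft's app manifest format, not from this page.

```python
import uuid

REDIRECT_URI = "https://auth.devin.ai/login/callback"  # from the setup step above

def is_guid(value):
    """True if value is a canonical GUID, the shape of Client ID, Tenant ID and secret ID."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def redirect_uris(manifest):
    """Collect redirect URIs from either manifest layout (Microsoft Graph or legacy)."""
    uris = list(manifest.get("web", {}).get("redirectUris", []))
    uris += [r["url"] for r in manifest.get("replyUrlsWithType", [])]
    return uris

def check_values(values, manifest):
    """Return a list of problems found in the values collected for the SSO hand-off."""
    problems = []
    for key in ("client_id", "tenant_id"):
        if not is_guid(values.get(key, "")):
            problems.append(f"{key} is not a GUID")
    secret = values.get("client_secret", "")
    if not secret:
        problems.append("client_secret is empty")
    elif is_guid(secret):
        # The secret ID is a GUID; the secret VALUE is not.
        problems.append("client_secret looks like the secret ID, not the secret value")
    if manifest.get("signInAudience") != "AzureADMyOrg":
        # AzureADMyOrg is "Accounts in this organizational directory only".
        problems.append("registration is not limited to this organizational directory")
    if redirect_uris(manifest) != [REDIRECT_URI]:
        problems.append("redirect URIs differ from the single expected callback")
    if values.get("ad_domain", "").lower() != str(manifest.get("publisherDomain", "")).lower():
        problems.append("ad_domain does not match publisherDomain in the manifest")
    return problems

# Constructed sample data: not real identifiers or secrets.
SAMPLE_MANIFEST = {"signInAudience": "AzureADMyOrg", "publisherDomain": "example.onmicrosoft.com",
                   "web": {"redirectUris": [REDIRECT_URI]}}
SAMPLE_VALUES = {"client_id": "11111111-2222-3333-4444-555555555555",
                 "tenant_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
                 "client_secret": "constructed-placeholder-secret-value",
                 "ad_domain": "example.onmicrosoft.com"}

if __name__ == "__main__":
    for problem in check_values(SAMPLE_VALUES, SAMPLE_MANIFEST) or ["no problems found"]:
        print(problem)
```
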

## Send to Cognition

Send the following values to Cognition:

* Client ID
* Tenant ID
* Client Secret
* Microsoft AD Domain
* Identity Provider Domains (i.e. all company email domains you'd like to support)
