> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zenzap.co/llms.txt
> Use this file to discover all available pages before exploring further.

# SAML Configuration

> How to setup SAML SSO with your identity provider

<Tabs>
  <Tab title="Microsoft Entra ID">
    ## Setup SAML with Microsoft Entra ID (Azure AD)

    1. Login to your Microsoft Azure portal and search for "Entra ID" in the search bar and click "Microsoft Entra ID" from the search results.
           <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_microsoft_enter_entra_id.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=b6f2ad2e70f1a86c0d1781b4070cb482" alt="Enter Entra ID" width="1207" height="739" data-path="images/saml_microsoft_enter_entra_id.png" />

    2. Click on "Enterprise applications" from the left side menu.
           <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_microsoft_enterprise_applications.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=e68f84c9163d84a25400866d42ce3fef" alt="Select Enterprise Applications" width="473" height="750" data-path="images/saml_microsoft_enterprise_applications.png" />

    3. Click "New Application" and select "Create your own application"
           <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_microsoft_new_application.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=e19da46a4060d21415d26b8f2fc82bef" alt="New Application" width="700" height="351" data-path="images/saml_microsoft_new_application.png" />
           <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_microsoft_create_your_own.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=2731d2dd0204eb7426ea408cabc3f2da" alt="Create Your Own" width="700" height="229" data-path="images/saml_microsoft_create_your_own.png" />

    4. Enter the name of your application and click "Create"
           <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_microsoft_name_your_app.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=fd263dc7373f4144d81dc0bfe3f2528f" alt="Name Your App" width="1162" height="744" data-path="images/saml_microsoft_name_your_app.png" />

    5. In the new app, click on "Single sign-on" from the left side menu and select "SAML"
           <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_microsoft_setup_sso.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=4246a15f37738216422b255cd5050491" alt="Setup Single Sign-on" width="1600" height="727" data-path="images/saml_microsoft_setup_sso.png" />
           <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_microsoft_select_saml.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=bdd7837cbceecc80d37e1e38e8a17357" alt="Select SAML" width="1600" height="841" data-path="images/saml_microsoft_select_saml.png" />

    6. Click on "Edit" and enter the following values:

       * Identifier (Entity ID): `https://zenzap.co`
       * Reply URL (Assertion Consumer Service URL): `https://prod-api.zenzap.co/sso/saml/callback`\\
             <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_microsoft_basic.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=18ad0abf1e0e19c9ee421acc5ae1374d" alt="Basic SAML Configuration" width="1674" height="494" data-path="images/saml_microsoft_basic.png" />

    7. Click "Save"

    8. Click on "User Attributes & Claims" from the left side menu and click "Add new claim"
       * `displayName` - recommended to be the user first name + last name
       * `email` - recommended to be the user email
       * `id` - `user.objectid`
             <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_microsoft_claims.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=6c840073324ccbe9f513daaeab90f36a" alt="User Attributes & Claims Configuration" width="1606" height="362" data-path="images/saml_microsoft_claims.png" />

    9. Download the certificate (base64) and save it.
           <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_microsoft_download_certificate.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=5429520820090c289d7d7c87ddc02c37" alt="Download Certificate" width="1580" height="500" data-path="images/saml_microsoft_download_certificate.png" />

    10. Configure SAML in Zenzap:

    * Go to your [Zenzap account](https://app.zenzap.co) and navigate to Admin → Organization
    * Under "Single sign on (SSO)", select SAML
    * Enter the following values from your Azure AD SAML configuration page:
      * **SAML SSO URL**: Format `https://login.microsoftonline.com/xxxxxx/saml2`
      * **Identity Provider Issuer**: Format `https://sts.windows.net/xxxx`
    * Upload the certificate you downloaded in step 9
    * Enter **Service Provider Entity ID** as `https://zenzap.co`
    * Click "Save"

    ## User Groups (App Roles)

    Configure user roles to control access levels within Zenzap.

    1. In Entra ID: Go to app registration → *Application Name* → App roles
           <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_microsoft_app_roles_configure.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=b421e1d685d605a376e72f59fb20be1d" alt="Configure App Roles" width="1600" height="1067" data-path="images/saml_microsoft_app_roles_configure.png" />

    2. Create new app roles. Zenzap supports 2 app role values: `admin` and `user`
           <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_microsoft_app_roles_value.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=b6a63608c813918d936bc65f4ea02073" alt="Configure App Roles" width="1202" height="1346" data-path="images/saml_microsoft_app_roles_value.png" />

    3. Assign the app roles to the users/groups
           <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_microsoft_app_roles_assign.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=faf7547dbbba62da789bede308d8a8aa" alt="Assign App Roles" width="1600" height="1210" data-path="images/saml_microsoft_app_roles_assign.png" />
  </Tab>

  <Tab title="Okta">
    ## Setup SAML with Okta

    1. Login to your Okta Admin Console and go to Applications → Applications.
           <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_okta_applications.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=e45d391fd9f7f41533fe6eab326271a1" alt="Okta Applications" width="3662" height="1780" data-path="images/saml_okta_applications.png" />

    2. Click "Create App Integration" and select "SAML 2.0", then click Next.
           <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_okta_create_app.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=b06e841724d7bce2b8dbe9ec159a477f" alt="Create App Integration" width="3700" height="1982" data-path="images/saml_okta_create_app.png" />

    3. Enter a name for your application (e.g., "Zenzap") and click Next.

    4. Configure the SAML settings:
       * **Single sign-on URL**: `https://prod-api.zenzap.co/sso/saml/callback`
       * **Audience URI (SP Entity ID)**: `https://zenzap.co`
       * **Name ID format**: EmailAddress
       * **Application username**: Email
             <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_okta_configure_saml.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=c7fa7eba6503940cb0583063eedb3594" alt="Configure SAML" width="2320" height="1562" data-path="images/saml_okta_configure_saml.png" />

    5. Add attribute statements:
       * `displayName` → `user.profile.firstName + " " + user.profile.lastName`
       * `email` → `user.profile.email`
       * `id` → `user.profile.login`
             <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_okta_attribute_statements.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=75869cf60a76cbdc56f534570605c287" alt="Attribute Statements" width="1494" height="876" data-path="images/saml_okta_attribute_statements.png" />

    6. Click Next and Finish to create the application.

    7. Go to the "Sign On" tab and copy the following values:
       * **Sign on URL** (SAML SSO URL)
       * **Issuer** (Identity Provider Issuer)
       * Download the **Signing Certificate**
             <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_okta_sign_on_settings.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=4bf825ca21cf30480ba2f866a25c2097" alt="Sign On Settings" width="1796" height="1718" data-path="images/saml_okta_sign_on_settings.png" />

    8. Configure SAML in Zenzap:
       * Go to your [Zenzap account](https://app.zenzap.co) and navigate to Admin → Organization
       * Under "Single sign on (SSO)", select SAML
       * Enter the values from Okta:
         * **SAML SSO URL**: The Sign on URL from step 7
         * **Identity Provider Issuer**: The Issuer from step 7
       * Upload the certificate you downloaded
       * Enter **Service Provider Entity ID** as `https://zenzap.co`
       * Click "Save"
             <img src="https://mintcdn.com/zenzap/r8Y4VlP7S5tJQ2KC/images/saml_okta_zenzap_config.png?fit=max&auto=format&n=r8Y4VlP7S5tJQ2KC&q=85&s=e63a31f5a551cd6df6bfda1af0ad37de" alt="Zenzap SAML Config" width="3756" height="1862" data-path="images/saml_okta_zenzap_config.png" />
  </Tab>
</Tabs>
