# Setting up Entra ID Pynt supports setting up external identity provider (IdP) for authentication, such as Microsoft Entra ID. This allows organizations using Entra ID to control how their employees access Pynt and remove their need to manage any credentials. The high-level steps to set SSO (Single Sign-On) with Entra ID are: 1. Add Pynt as an enterprise application in Entra 2. Set up SSO in Pynt 3. Assign users/groups the Pynt application ## Requirements * Verify you have administrator privileges in your Microsoft Entra subscription. * Verify you are an admin on Pynt and your organization has an active Enterprise license. ## Step 1: Add Pynt as an enterprise application in Entra 1. Login to [Entra ID Admin Center](https://entra.microsoft.com/), and navigate to **Applications > Enterprise applications**. 2. Click on **New Application** and then choose **Create your own application:**![](/files/2OlziFxQPZwi8c2S9Bt7) 3. Use `Pynt` for the app name, and choose the *Integrate any other application you don't find in the gallery (Non-gallery)* option. Click **Create**: ![](/files/YXavpDk5oMpMXPFJ3fCF) 4. In your new app's overview, navigate to **Single sign-on** and choose **SAML** as the single sign-on method: ![](/files/rUuIg4bwbNfcixABBDmQ)![](/files/JGKcuuzV6LwT29W2a9n4) 5. **Edit** the **Basic SAML Configuration** and use the details from Pynt's [User Management](https://app.pynt.io/dashboard/settings/users-management) page. Once finished, click **Save**. ![](/files/tozdZjczOob5VEPdORSY) * **Identifier (Entity ID)** - `Audience` * Reply URL (Assertion Consumer Service URL) - `Assertion Consumer Services (ACS) URL` 6. Once saved, scroll to **SAML Certificates**, **Download** and save the **Federation Metadata XML** in your computer (we will use it in Step 2). ## Step 2: Set up SSO in Pynt Mail [support@pynt.io](mailto:support@pynt.io?subject=SSO+Setup) the `Pynt.xml` file (**Federation Metadata XML**) from the first step and ask to finalize the setup on Pynt's side. If you want to limit specific domains for your organization (such as `@company.com`), include the list of these domains in your request. ## Step 3: Assign users/groups the Pynt application Once the setup is finalized, you can assign users/groups to the newly created Pynt application. Read more about assigning users/groups to applications in [Microsoft's documentation](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.pynt.io/documentation/account-management/single-sign-on-sso/setting-up-entra-id.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.