
# Azure AD SSO Setup

> Configure Single Sign-On with Azure AD (Entra ID)


## Required Information

To enable Azure AD login for Devin, we will need to collect the following values:

* Client ID
* Tenant ID
* Client Secret
* Microsoft AD Domain
* Identity Provider Domains (i.e. all company email domains you'd like to support)

## Setup Instructions

To get the required information above, you will need to create an App Registration in Azure AD (Entra ID).

In the Entra ID portal, click on Add registration.

<img src="https://mintcdn.com/cognitionai/SST7qBOGO28X2sVc/images/azureAD1.png?fit=max&auto=format&n=SST7qBOGO28X2sVc&q=85&s=4b3b1a94f2e34a07244adec63c255853" alt="Azure AD Registration" width="2218" height="1638" data-path="images/azureAD1.png" />

Name the registration Devin AI. Select "Accounts in this organizational directory only". Set the Redirect URI to "[https://auth.devin.ai/login/callback](https://auth.devin.ai/login/callback)" (this is the only Redirect URI needed).

<img src="https://mintcdn.com/cognitionai/SST7qBOGO28X2sVc/images/azureAD2.png?fit=max&auto=format&n=SST7qBOGO28X2sVc&q=85&s=83e7fc736cb85c79bd2a5e65b4145357" alt="Azure AD App Settings" width="1842" height="1460" data-path="images/azureAD2.png" />

Select "API Permissions", then "Add a permission", and add the User.Read and Directory.Read.All permissions from the Microsoft Graph API.

<img src="https://mintcdn.com/cognitionai/SST7qBOGO28X2sVc/images/azureAD5.png?fit=max&auto=format&n=SST7qBOGO28X2sVc&q=85&s=edb34267a9916dc15c9b6ece929fcdd5" alt="Azure AD API Permissions" width="2798" height="1256" data-path="images/azureAD5.png" />

<img src="https://mintcdn.com/cognitionai/SST7qBOGO28X2sVc/images/azureAD6.png?fit=max&auto=format&n=SST7qBOGO28X2sVc&q=85&s=93d5454c01258e6b1aade3edd2edc89c" alt="Azure AD Graph Permissions" width="2780" height="1440" data-path="images/azureAD6.png" />

## Collecting the Required Values

You can get the Client ID and Tenant ID from the Overview page.

<img src="https://mintcdn.com/cognitionai/SST7qBOGO28X2sVc/images/azureAD7.png?fit=max&auto=format&n=SST7qBOGO28X2sVc&q=85&s=ecb2bb8608f0b68f767d353328cfe61a" alt="Azure AD Overview Page" width="2360" height="806" data-path="images/azureAD7.png" />

The Microsoft AD Domain can be found by selecting the "Manifest" page and looking for "publisherDomain".

<img src="https://mintcdn.com/cognitionai/SST7qBOGO28X2sVc/images/azureAD8.png?fit=max&auto=format&n=SST7qBOGO28X2sVc&q=85&s=391b1ec12b3b1cc41babeb2b0e8c1e6b" alt="Azure AD Manifest" width="2994" height="1656" data-path="images/azureAD8.png" />

Add a client secret by selecting "Certificates & secrets", then "New client secret". Copy the secret VALUE (not the secret ID) and use it as the Client Secret.

<img src="https://mintcdn.com/cognitionai/SST7qBOGO28X2sVc/images/azureAD9.png?fit=max&auto=format&n=SST7qBOGO28X2sVc&q=85&s=49c0545d34d79fbb25eb1f6fbbba27c6" alt="Azure AD Client Secret" width="2990" height="1206" data-path="images/azureAD9.png" />

## Send to Cognition

Send the following values to Cognition:

* Client ID
* Tenant ID
* Client Secret
* Microsoft AD Domain
* Identity Provider Domains (i.e. all company email domains you'd like to support)
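
Before sending, the collected values can be sanity-checked offline for the usual copy errors, in particular pasting the secret ID where the secret value belongs. This is an added example, not part of Cognition's documentation; `check_sso_values` and the sample values in `GOOD` are constructed for illustration.

```python
import re
import uuid

# ASCII hostname with at least two labels (assumption: no IDN handling).
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def _is_guid(value):
    """True for a canonical 8-4-4-4-12 GUID, the form the portal shows for IDs."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def check_sso_values(client_id, tenant_id, client_secret, ad_domain, idp_domains):
    """Return a list of problems; an empty list means the values look plausible."""
    problems = []
    for name, value in (("client_id", client_id), ("tenant_id", tenant_id)):
        if not _is_guid(value):
            problems.append(f"{name}: expected the GUID from the Overview page")
    if client_id == tenant_id:
        problems.append("client_id and tenant_id are identical; one was copied twice")
    # The portal's Secret ID is a GUID; the secret Value is not.
    if not client_secret or client_secret != client_secret.strip():
        problems.append("client_secret: empty or padded with whitespace")
    elif _is_guid(client_secret):
        problems.append("client_secret: looks like the Secret ID, not the secret Value")
    if not _DOMAIN.match(ad_domain or ""):
        problems.append("ad_domain: expected the publisherDomain from the Manifest")
    if not idp_domains:
        problems.append("idp_domains: list at least one company email domain")
    for d in idp_domains or []:
        if not _DOMAIN.match(d):
            problems.append(f"idp_domains: {d!r} is not a bare domain")
    return problems

# Constructed sample values, not real credentials.
GOOD = {
    "client_id": "11111111-2222-3333-4444-555555555555",
    "tenant_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "client_secret": "constructed~Secret.Value_0123456789abcdef",
    "ad_domain": "contoso.onmicrosoft.com",
    "idp_domains": ["contoso.com"],
}

if __name__ == "__main__":
    for line in check_sso_values(**GOOD) or ["all values look plausible"]:
        print(line)
```

The returned messages name the field at fault but never echo the secret itself, so the output is safe to paste into a ticket.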
