> ## Documentation Index
> Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Microsoft Entra ID SSO (SAML)

> Use Microsoft Entra ID SAML to secure access to the ngrok Dashboard with single sign-on (SSO).

This guide walks you through configuring Microsoft Entra ID as the primary Identity Provider for the ngrok Dashboard.
By integrating Microsoft Entra ID with ngrok, you can:

* Restrict access to the ngrok Dashboard to only users authenticated via Microsoft Entra ID
* Use Microsoft Entra ID's dashboard to facilitate access to the ngrok app

## What you'll need

* An ngrok account with administrative rights to modify account settings.
* An ngrok Pay-as-you-go account with access to configure SAML SSO.

## 1. Configure Microsoft Entra ID

### Create the ngrok app in Microsoft Entra ID

* Access your Microsoft Entra ID dashboard as an administrator.
* Click **Enterprise Applications**.
* Click **New application** > **Create your own application**.
* Provide a name for the app (for example, ngrok Dashboard) and choose the **Non-gallery** option and click **Create**.
* Select **Single sign-on**, and then choose **SAML**.
* Enter temporary values for **Identifier** and **Reply URL** and set **Unique User Identifier** to `user.mail`:
  * **Identifier (Entity ID)**: `https://temporary`
  * **Reply URL (Assertion Consumer Service URL)**: `https://temporary`
  * **Unique User Identifier**: `user.mail`

<Tip>
  **Note**

  This value can differ based on setup.
  It is required that this user property value is an email address.
</Tip>

### Download the IdP metadata

From the **Single sign-on** section on the ngrok Dashboard app, click the **Download** option for **Federation Metadata XML** and download the metadata XML.

### Grant access to users and groups

Microsoft Entra ID allows administrators to restrict access to SSO apps such as the ngrok Dashboard via assignments.
By default, apps created in Microsoft Entra ID have no assignments; nobody can use Microsoft Entra ID SSO to access the ngrok Dashboard until you assign them to the app.
To assign users and groups to the ngrok Dashboard app:

* Navigate to **Users and groups** in the application.
* Use the **Add user/group** button to associate groups and users with the ngrok app.
  To test SSO with ngrok, make sure you're assigned to the app.

## 2. Configure ngrok

### ngrok dashboard SSO

To configure ngrok Dashboard SSO with Microsoft Entra ID:

* Go to the [ngrok Dashboard](https://dashboard.ngrok.com).
* Click **Settings** > **Account**.
* In the **Single Sign-On (SSO)** section, click **New Identity Provider** > **New SAML Provider**.
* On the SAML Provider settings, provide a **Description** and click **Upload XML**.
* Select your metadata file saved from the steps above and click **Save**.
* After you save, the SP Metadata will appear.
  Copy these values into the Microsoft Entra ID ngrok Dashboard app **Single sign-on** settings where temporary values were placed above.
* Save the changes in Microsoft Entra ID.

## 3. Test the integration

* Navigate to the Microsoft Entra ID ngrok Dashboard app **Single sign-on** settings.
* Scroll to the bottom of the settings and click **Test** > **Test sign in**.
* You should be redirected to the ngrok Dashboard.
  * If the current user is not a member of the ngrok account and JIT is enabled, the user will be prompted to join.
  * If the current user is already a member, they will be successfully authenticated into the ngrok Dashboard.
