# Entra ID

## Requirements

* Linux Control Center version 2.12.X or higher
* Pre-configured Single Sign-On (SSO) Provider

## Overview

Linux Control Center allows you to configure a Single Sign-On (SSO) provider for the Console, offering secure and convenient access. LCC supports authentication via LDAP and SAML.

* The image below shows the authentication flow.

  ![](/files/lbH6Yu9dBlM5C4mWL39f)

## Objective

The objective of this document is to provide a step-by-step guide to configure an access provider to the LCC Console using a SAML provider.

## Microsoft Entra ID Configuration

1. Access the **Entra ID** platform in your environment and go to **Applications**. Select **App Registrations** and click **New Registration**.

   ![](/files/aYeZ96ijZi9WG1nETtEN)
2. Define a name for the application and choose the type of Microsoft Entra ID account that will have permission to access LCC.

   ![](/files/08hI20CWaTKyKNFeyyJD)
3. Define the scope of access to the application as desired.

   ![](/files/WgOJd1MobjVpl51bRGly)
4. Click **Register**.

   ![](/files/7eR96YLLHkMGRSdlB8Jd)

## SAML Provider Configuration

### Registering the Provider in LCC

1. Click **Config** in the left menu of LCC.

   ![](/files/hrHlEv8SGbfrVGOKVHrt)
2. Click **Provider**.

   ![](/files/lZasAPaUhrDeBLcuqbRJ)
3. Click **SAML**.

   ![](/files/6jd11MBdH3JDKwJlPeHU)
4. Click **Create**.

   ![](/files/ncg8HOSkKOhLObm0Ln0R)
5. Fill in the required fields as follows:

   * **Name:** This will be the name of the provider button on the LCC login screen.
   * **Entity ID:** Enter the ID of the application created in Microsoft Entra ID.
   * **IDP Metadata URL:** Enter the Authority URL from the Entra ID application.
   * **IDP Metadata Data:** Enter the metadata URL from your Identity Provider.

   ![](/files/GmQjDEqUYhDqwy8cUw1h)
6. To obtain the IDP URL information from Microsoft Entra ID, go to the **Overview** page of the application and click **Endpoints**.

   * Copy the **SAML-P Sign-on Endpoint** and paste it into the **IDP Metadata URL** field.

   ![](/files/9ocWpZfyqUKg3I3iDLlr)

7. Click **Select an Icon** and choose the login button icon for the provider that will appear on the LCC Console login screen. You can also upload a custom icon using a Base64 string.

   ![](/files/RGdShloKDRCC9hrhLD2g)
8. Click **Next**.

   ![](/files/FSr3ZObX5Dv1TBhAOBVX)
9. Fill in the **User Identifier Attribute** field. This is the attribute from the Identity Provider that identifies the user when authentication is validated. You can also define a key to validate the IDP response.

   ![](/files/qeGpGbCrCq7ECqtToQKx)
10. Click **Next** again and select the options as needed.

   ![](/files/6lNMZqEYZkCWWpjvAgRZ)
11. Click **Save** to create the provider in the LCC Console.

   ![](/files/74iBrCioh0DgNg9uLSs4)
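
Before saving the provider, the sign-on URL pasted into the **IDP Metadata URL** field can be checked against the Identity Provider's published SAML metadata. The script below is an added example, not part of LCC or of this documentation's own tooling; the function name `check_idp_metadata`, the placeholder tenant ID and the dummy certificate value are assumptions, and the metadata XML is a constructed sample standing in for a file you have downloaded from your IdP.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Constructed sample: placeholder tenant ID and a dummy (non-X.509) certificate value.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>Q09OU1RSVUNURUQ=</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>""".encode()


def check_idp_metadata(xml_bytes, sso_url_in_lcc):
    """Return (summary, problems) for a SAML IdP metadata document."""
    # Refuse DTDs and entity declarations before handing the bytes to the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("metadata must not contain DTD or entity declarations")
    root = ET.fromstring(xml_bytes)
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: this is not IdP metadata")
    endpoints = [e.get("Location", "") for e in idp.findall(MD + "SingleSignOnService")]
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    certs = [c.text for kd in idp.findall(MD + "KeyDescriptor")
             if kd.get("use") in (None, "signing")
             for c in kd.iter(DS + "X509Certificate") if c.text]
    prints = [hashlib.sha256(base64.b64decode("".join(t.split()))).hexdigest()
              for t in certs]
    problems = []
    if not prints:
        problems.append("no signing certificate published")
    problems += [f"endpoint is not HTTPS: {u}" for u in endpoints
                 if urlparse(u).scheme != "https"]
    if sso_url_in_lcc.rstrip("/") not in [u.rstrip("/") for u in endpoints]:
        problems.append("sign-on URL entered in LCC is not listed in the metadata")
    summary = {"idp_entity_id": root.get("entityID"), "sso_endpoints": endpoints,
               "signing_cert_sha256": prints}
    return summary, problems
```

The SHA-256 values in `signing_cert_sha256` can be compared with the certificate thumbprint shown by the Identity Provider to confirm that the metadata came from the expected tenant.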

### Registering the Endpoint in the IDP

> **Important:**\
> This step is crucial in configuring the identity provider. You must register the LCC endpoint in your **Identity Provider** so that LCC has permission to perform queries.

1. Click on the Identity Provider you created and copy the **Assertion Consumer Service URL**. Paste it into the **Redirect URL** field in the Microsoft Entra ID application.

   ![](/files/U5mW3GlMPaM5AZw6avjY)
2. The image below shows the field configuration in Microsoft Entra ID.

   ![](/files/ApDXJs0Gkk2BPo9thxxs)

### Granting Permission to the Provider

1. Click **Config** in the left menu.

   ![](/files/bWMYrerx1CqWTmFzEKne)
2. Click **Authentication**.

   ![](/files/XaKz5QKsXMMehzXGD3D3)
3. Click the **Providers** tab, select the provider, and move it to the table on the right.

   ![](/files/bL8wtRd76oYoyUTv5KQi)
4. Click **Save** to set the provider (e.g., Cisco Duo) as a valid authentication method.

   ![](/files/AjDd23DxLGuyOfGrUZBS)

## Access with Identity Provider

1. Log out of the current user session and click the Identity Provider button you created. LCC will perform the query and read the SAML response to validate access to the Console.

   ![](/files/ZMI36dhmjwuoApGL2CVY)


