# Microsoft Azure: Custom Attributes with SAML / Entra ID

First, make sure you have SAML login working using the following guide:

[https://help.aikido.dev/doc/microsoft-azure-login-with-saml--entra-id/doc74BfKR60Z](/getting-started/automated-user-management/saml-login/microsoft-azure-login-with-saml-entra-id.md)

### Setting up Azure Group based SAML custom attributes <a href="#setting-up-azure-group-based-saml-custom-attributes" id="setting-up-azure-group-based-saml-custom-attributes"></a>

1. Go to the application registration

   ![Azure portal view for managing Aikido-SSO enterprise application properties and settings.](/files/oLgbDIr4AHurwdeTJi8I)
2. Create an app role. The **Value** set here should be the value of the claim. In this example, we're setting up for `aikido_role`, so valid values for this are `admin`, `default`, `team_only`.

   ![Creating a new app role "Aikido Admin" in Microsoft Azure for Aikido-SSO.](/files/nsRfUHnJTamTtUswDeeQ)
3. After saving, go back to the app settings and add a group under 'Users and Groups'.

   ![Azure portal: Assign users or groups to the Aikido-SSO enterprise application.](/files/Xc9ZEJYE47sGgPvDie1g)
4. Add the Entra group you'd like to give admin access to (in this case) and assign it the role we created in step 2.

   ![Azure Add Assignment: Select users, groups, and roles for directory permissions.](/files/ewPcde4ckLTi8kJ0L0CQ)
5. Back in the Single sign-on settings of the app, go to Attributes & Claims -> Edit.

   ![Azure portal SAML-based single sign-on configuration for Aikido-SSO application.](/files/9FEc8XU5Oqe1VDl8VhON)
6. Click 'Add new claim'

   ![Azure portal Attributes & Claims page for adding and managing SAML claims.](/files/k7Aq5AEq7OYAQPeL4StC)
7. Fill in the attribute name and select `user.assignedroles` as the source attribute (this carries the `admin` value we set up in step 2).

   ![Azure claim setup: mapping "aikido\_role" to "user.assignedroles" attribute.](/files/1bBsAMTt8JtDmVMi1Ycx)
8. All done. On SAML login, these changes will take effect.
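
To confirm the result of steps 1 to 8, the following added example (not part of Aikido's documentation or tooling) checks a captured, base64-decoded SAML assertion for the `aikido_role` claim. It assumes the claim is emitted with the bare name `aikido_role` (no namespace) and that values must match the step 2 values exactly; the sample XML is constructed, and the script does not verify signatures.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Valid aikido_role values, as listed in step 2 of this guide.
ALLOWED_ROLES = {"admin", "default", "team_only"}

# Constructed sample: trimmed, unsigned assertion fragment (not real Entra output).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="aikido_role">
      <saml:AttributeValue>admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def role_values(xml_text, claim_name="aikido_role"):
    """Return every value emitted for the claim, in document order."""
    root = ET.fromstring(xml_text)
    values = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == claim_name:
            for val in attr.findall(f"{{{SAML_NS}}}AttributeValue"):
                values.append((val.text or "").strip())
    return values

def check_role_claim(xml_text, claim_name="aikido_role"):
    """Return (ok, problems) for the role claim in a captured assertion."""
    values = role_values(xml_text, claim_name)
    problems = []
    if not values:
        problems.append(f"claim {claim_name!r} missing: is the user's group assigned an app role?")
    for value in values:
        if value not in ALLOWED_ROLES:
            problems.append(f"unexpected value {value!r}: app role Value must be one of {sorted(ALLOWED_ROLES)}")
    if len(values) > 1:
        # user.assignedroles is multi-valued when a user holds several app roles.
        problems.append(f"multiple values {values}: user holds more than one app role")
    return (not problems, problems)

if __name__ == "__main__":
    ok, problems = check_role_claim(SAMPLE_ASSERTION)
    print("OK" if ok else "\n".join(problems))
```
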


