# Configuring SSO: Microsoft Entra ID

> You can use Microsoft Entra ID as your identity provider.

1. Create a Microsoft Entra ID App Registration:
   :::note
   The following steps are a broad description of a **sample configuration**. For more detailed instructions, refer to the [Microsoft documentation](https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad) for configuring Microsoft Entra ID as an authentication provider.
   :::

   1. Log in to the Azure portal as an administrator, go to [App Registrations](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade), and select **New Registration**.
   2. In the **Register an application** page, fill in the **Name** field with a name for `Private Test Cloud`.
   3. In the **Supported account types** section, select **Accounts in this organizational directory only**.
   4. Set the **Redirect URI** by selecting **Web** from the drop-down list and filling in the Identity base URL, plus the suffix `/azure-signin-oidc`. For example, `https://{yourDomain}/{organizationName}/identity_/azure-signin-oidc`.
   5. At the bottom, select the **ID tokens** checkbox.
   6. Select **Register** to register `Private Test Cloud`.
   7. Save the **Application (Client) ID** for later.
2. Configure Microsoft Entra ID SSO:
   1. Log in to the `host Management portal` as a system administrator.
   2. Make sure that **Host** is selected at the top of the left pane and then select **Security**.
   3. Under **Microsoft Entra ID SSO**, select **Configure**.
      * Select the **Force automatic login using this provider** checkbox if you want to only allow login with Microsoft Entra ID accounts.
      * In the **Display Name** field, type the text you want to show under this login option on the **Login** page.
      * In the **Client ID** field, paste the value of the **Application (Client) ID** obtained from the Azure portal.
      * (Optional) In the **Client Secret** field, paste the value obtained from the Azure portal.
      * Set the **Authority** parameter to one of the following values:
        + `https://login.microsoftonline.com/<tenant>`, where `<tenant>` is the tenant ID of the Microsoft Entra ID tenant or a domain associated with this Microsoft Entra ID tenant. Used only to sign in users of a specific organization.
        + `https://login.microsoftonline.com/common`. Used to sign in users with work and school accounts or personal Microsoft accounts.
      * (Optional) In the **Logout URL**, paste the value obtained from the Azure portal.
   4. Select **Save** to save the configuration and return to the previous page.
   5. Select the toggle to the left of **Microsoft Entra ID SSO** to enable the integration.
   6. Restart the `identity-service-api-*` pod. This is required after making any changes to external providers.
      1. Connect to your Automation Suite cluster.
      2. Run the following command: `kubectl -n uipath rollout restart deployment identity-service-api`
3. Allow Microsoft Entra ID SSO for the organization:

   Now that Automation Suite is integrated with Microsoft Entra ID Sign-In, user accounts that have a valid Microsoft Entra ID email address can use the **Microsoft Entra ID** SSO option on the **Login** page to sign in to Automation Suite.

   Each organization administrator must do this for their organization if they want to allow login with Microsoft Entra ID SSO.

   Figure 1. Azure AD sign in option

   1. Log in to `Private Test Cloud` as an organization administrator.
   2. Add user accounts, each with a valid Microsoft Entra ID email address.
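
A preflight check for the **Client ID**, **Authority** and **Redirect URI** values used in the steps above, added here as an example (it is not UiPath or Microsoft code). The function name `check_sso_settings`, the rule set and the sample values are assumptions made for illustration; the rules cover only the forms this page lists.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
DOMAIN = re.compile(r"(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}")
CALLBACK_SUFFIX = "/azure-signin-oidc"  # suffix named in the Redirect URI step


def check_sso_settings(client_id, authority, redirect_uri):
    """Return (level, message) findings; an empty list means nothing was flagged."""
    findings = []
    if not GUID.fullmatch(client_id):
        findings.append(("error", "Client ID is not a GUID; paste the Application (Client) ID"))

    auth = urlsplit(authority)
    segments = [s for s in auth.path.split("/") if s]
    if auth.scheme != "https" or auth.hostname != "login.microsoftonline.com":
        findings.append(("error", "Authority must start with https://login.microsoftonline.com/"))
    elif len(segments) != 1:
        findings.append(("error", "Authority is not one of the two forms listed on this page"))
    elif segments[0] == "common":
        # 'common' admits work, school and personal Microsoft accounts, while the
        # app registration step selected this organizational directory only.
        findings.append(("warning", "Authority 'common' is not limited to your organization; "
                                    "use the tenant ID or tenant domain to restrict sign-in"))
    elif not (GUID.fullmatch(segments[0]) or DOMAIN.fullmatch(segments[0])):
        findings.append(("error", "Authority tenant must be a tenant ID or a tenant domain"))

    redirect = urlsplit(redirect_uri)
    if redirect.scheme != "https":
        findings.append(("error", "Redirect URI must use https"))
    if not redirect.path.endswith(CALLBACK_SUFFIX):
        findings.append(("error", "Redirect URI must end with " + CALLBACK_SUFFIX))
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant or deployment.
    sample = check_sso_settings(
        "11111111-2222-3333-4444-555555555555",
        "https://login.microsoftonline.com/common",
        "https://suite.example.test/acme/identity_/azure-signin-oidc",
    )
    for level, message in sample:
        print(f"{level}: {message}")
```
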
