> ## Documentation Index
> Fetch the complete documentation index at: https://docs.abbyy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Setting up an External Identity Provider

> Configure Active Directory Federation Services (AD FS) or Azure Active Directory (Azure AD) as an External Identity Provider for your ABBYY Vantage tenant.

An identity provider authenticates users on behalf of Vantage. By default, Vantage uses its built-in identity provider, which authenticates users with a username and password. You can configure your tenant to use an **External Identity Provider** instead — Vantage then delegates identity verification to that provider before granting access.

Existing tenant users can authenticate via the External Identity Provider using the email address they previously signed in with.

<Note>
  This setup requires the **Tenant Administrator** role. The same External Identity Provider can be configured for multiple tenants.
</Note>

## Supported providers and protocols

Vantage supports the following External Identity Providers:

* **Active Directory Federation Services (AD FS)**
* **Azure Active Directory (Azure AD)**
* **Other** — any provider that speaks OAuth 2.0 or SAML 2.0

Both the **OAuth 2.0** and **SAML 2.0** protocols are supported.

## Prepare the External Identity Provider

Choose the protocol your provider uses, then follow the corresponding setup guide.

<CardGroup cols={2}>
  <Card title="OAuth 2.0" icon="key" href="/vantage/documentation/tenant-admin/tenant-management/oauth-2-0">
    Configure AD FS, Azure AD, or another provider with OAuth 2.0.
  </Card>

  <Card title="SAML 2.0" icon="shield-halved" href="/vantage/documentation/tenant-admin/tenant-management/saml-2-0">
    Configure AD FS, Azure AD, or another provider with SAML 2.0.
  </Card>
</CardGroup>

## Connect the provider to your tenant

Once the provider is prepared, enable it in your Vantage tenant. See [Setting up an External Identity Provider for a tenant](/vantage/documentation/tenant-admin/tenant-management/configuring-tenant).

<Note>
  After setup is complete, users authenticate through the External Identity Provider. See [Authentication using an External Identity Provider](/vantage/documentation/tenant-admin/tenant-management/authenticating-external-provider).
</Note>

## Related topics

<CardGroup cols={2}>
  <Card title="Authentication" icon="key" href="/vantage/documentation/tenant-admin/tenant-management/authentication">
    Sign-in flows and OAuth 2.0 / SAML 2.0 options
  </Card>

  <Card title="Setting up an External Identity Provider for a tenant" icon="sliders" href="/vantage/documentation/tenant-admin/tenant-management/configuring-tenant">
    Connect the prepared provider to your Vantage tenant
  </Card>

  <Card title="Testing external authentication" icon="vial" href="/vantage/documentation/tenant-admin/tenant-management/testing-external-auth">
    Verify the External Identity Provider before users sign in
  </Card>

  <Card title="Associated email domains" icon="at" href="/vantage/documentation/tenant-admin/tenant-management/email-domains">
    Allow users from specific email domains to sign in
  </Card>
</CardGroup>