# Azure AD as a SAML 2.0 External Identity Provider

> Configure Azure Active Directory (Azure AD) as a SAML 2.0 External Identity Provider for ABBYY Vantage: register the app, create the Redirect URI, set up SSO.

## Prerequisites

* Ensure that you have a Vantage tenant identifier before configuring identities. To get a tenant identifier, click **Configuration** in ABBYY Vantage. The identifier is on the **General** tab.
* Create a Redirect URI to receive the authentication responses. The URI is: \
  `https://<your-vantage-url>/auth2/Saml2/Acs`
* Create an application registration (see the instructions [below](#creating-the-application)). Registering your application establishes a trust relationship between your application and the External Identity Provider.

### Creating the application

To create the application, follow these steps:

<Steps>
  <Step title="Open the Azure Portal">
    Go to [Azure Portal](https://portal.azure.com/) and sign in. In the pane on the left, select **Azure Active Directory**.
  </Step>

  <Step title="Open App registrations">
    In the pane on the right, select **App registrations** and click **New registration**.

    <Frame>
      <img src="https://mintcdn.com/abbyy/jZX7kaKQgdxaDiIT/images/vantage/tenant-admin/sysadmin_identityprovider_azuread_1.png?fit=max&auto=format&n=jZX7kaKQgdxaDiIT&q=85&s=516dc38daf0522bc12250b5f5a8cc010" alt="Azure AD App registrations pane with the New registration button highlighted" width="1880" height="840" data-path="images/vantage/tenant-admin/sysadmin_identityprovider_azuread_1.png" />
    </Frame>
  </Step>

  <Step title="Fill in the registration form">
    Specify the following:

    * **Name** — a name for the application.
    * **Supported account types** — select **Accounts in this organizational directory only**.
    * **Redirect URI** — for each Vantage URL that should authenticate using this account, enter `https://<your-vantage-url>/auth2/Saml2/Acs`.

    <Frame>
      <img src="https://mintcdn.com/abbyy/jZX7kaKQgdxaDiIT/images/vantage/tenant-admin/sysadmin_identityprovider_azuread_5.png?fit=max&auto=format&n=jZX7kaKQgdxaDiIT&q=85&s=555f69b01ed5eb5abd3683cb079c4c50" alt="Azure AD application registration form with name, supported account types, and SAML redirect URI fields" style={{ width:"79%" }} width="624" height="557" data-path="images/vantage/tenant-admin/sysadmin_identityprovider_azuread_5.png" />
    </Frame>
  </Step>

  <Step title="Register the application">
    Click **Register**.
  </Step>
</Steps>

Next, set up Azure Active Directory to be used as an External Identity Provider.

## Set up Azure Active Directory

To set up Azure Active Directory, follow these steps:

<Steps>
  <Step title="Set the Application ID URI">
    In the **Expose an API** tab, set the **Application ID URI**. Due to [Microsoft Entra identifier URI restrictions](https://learn.microsoft.com/en-us/entra/identity-platform/identifier-uri-restrictions), use the format `api://<appId>`, where `appId` is the Application ID from the app registration (for example, `api://cccc3333-dddd-4444-eeee-5555ffff6666`). Copy this value — you'll need it when configuring the External Identity Provider in Vantage.
  </Step>

  <Step title="Copy the federation metadata URL">
    Select the **Overview** tab and click **Endpoints**. Copy the value of the **Federation metadata document** field.
  </Step>
</Steps>

## Next steps

Once Azure AD is configured, connect it to your Vantage tenant. You'll need the **Application ID URI** you set in step 1 and the URL of the **Federation metadata document** you copied in step 2 of the **Set up Azure Active Directory** section.

For the Vantage-side setup, see [Setting up an External Identity Provider for a tenant](/vantage/documentation/tenant-admin/tenant-management/configuring-tenant).

## Related topics

<CardGroup cols={2}>
  <Card title="Configuring a SAML 2.0 External Identity Provider" icon="shield-halved" href="/vantage/documentation/tenant-admin/tenant-management/saml-2-0">
    Overview of SAML 2.0 setup for AD FS or Azure AD
  </Card>

  <Card title="Active Directory as a SAML 2.0 External Identity Provider" icon="shield-halved" href="/vantage/documentation/tenant-admin/tenant-management/saml-2-0-active-directory">
    Configure on-premises AD FS instead of Azure AD
  </Card>

  <Card title="Setting up an External Identity Provider for a tenant" icon="sliders" href="/vantage/documentation/tenant-admin/tenant-management/configuring-tenant">
    Connect Azure AD to your Vantage tenant
  </Card>

  <Card title="Testing external authentication" icon="vial" href="/vantage/documentation/tenant-admin/tenant-management/testing-external-auth">
    Verify the External Identity Provider before users sign in
  </Card>
</CardGroup>
