# Azure ADFS Identity Provider
### Create Azure AD Enterprise Application
{% hint style="info" %}
**Note:** Make sure that the Azure domain is an exact match to the e-mail domain used to register a tenant in IT-Conductor. Users with mismatched email domains will not be able to auto-provision in IT-Conductor
{% endhint %}
In the Azure Portal, navigate to **Azure Active Directory → Enterprise Applications → New Application.**
Don't try to locate an existing one but click **+ Create your application**.
Figure 1: Create Your Own Application Wizard
Figure 2: Application Setup
1. Assign users and groups
2. Click **Get Started** in "Set up single sign on".
Figure 3: IT-Conductor SSO Configuration
Click on **SAML** to configure.
Figure 4: SAML Configuration
Fill in the fields as described on the [SSO Setup](https://docs.itconductor.com/user-guide/setup/sso-setup):
Figure 5: SAML Configuration with actual values
Click **Federation Metadata XML Download** to export the metadata to a file.
Import the metadata into IT-Conductor to create an Identity Provider definition as described in [SSO Setup](https://docs.itconductor.com/user-guide/setup/sso-setup).
Click **Test** to validate SSO Configuration.
