# Introduction

For an overall understanding of the SAML authentication feature, read the [overview](https://docs.sonarsource.com/sonarqube-server/10.8/instance-administration/authentication/saml/overview "mention") page.

To set up SAML with Microsoft Entra ID:

1. [setup-in-entra-id](https://docs.sonarsource.com/sonarqube-server/10.8/instance-administration/authentication/saml/ms-entra-id/setup-in-entra-id "mention").
2. [setup-in-sq](https://docs.sonarsource.com/sonarqube-server/10.8/instance-administration/authentication/saml/ms-entra-id/setup-in-sq "mention").
3. Optionally, [scim-provisioning-with-azure-ad](https://docs.sonarsource.com/sonarqube-server/10.8/instance-administration/authentication/saml/scim/scim-provisioning-with-azure-ad "mention").
4. Optionally, [optional-security-features](https://docs.sonarsource.com/sonarqube-server/10.8/instance-administration/authentication/saml/ms-entra-id/optional-security-features "mention").

{% hint style="warning" %}

* Group synchronization doesn’t work with Microsoft Entra ID’s nested groups.
* Microsoft Entra ID SAML tokens have a limit regarding the number of groups a user can belong to (see the description of groups in the [Claims in SAML Token](https://learn.microsoft.com/en-us/entra/identity-platform/reference-saml-tokens#claims-in-saml-tokens) table). In such cases, you might need to reduce the number of groups the user is in.
  {% endhint %}