# Introduction

For an overall understanding of the SAML authentication feature, read the [overview](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/overview "mention") of SAML page.

To set up SAML with Microsoft Entra ID:

1. If you want to use Just-in-Time provisioning with the group synchronization feature, verify the user groups in SonarQube Server so that the automatic group synchronization can take place properly. See **Just-in-Time provisioning > Group synchronization** in [overview](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/overview "mention").
2. Make sure your [server-base-url](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/server-base-url "mention").
3. [setup-in-entra-id](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/ms-entra-id/setup-in-entra-id "mention").
4. [setup-in-sq](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/ms-entra-id/setup-in-sq "mention").
5. If you want to use SCIM provisioning, [scim-provisioning-with-azure-ad](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/scim/scim-provisioning-with-azure-ad "mention").
6. Optionally, [optional-security-features](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/ms-entra-id/optional-security-features "mention").

{% hint style="warning" %}

* Group synchronization doesn’t work with Microsoft Entra ID’s nested groups.
* Microsoft Entra ID SAML tokens have a limit regarding the number of groups a user can belong to (see the description of groups in the [Claims in SAML Token](https://learn.microsoft.com/en-us/entra/identity-platform/reference-saml-tokens#claims-in-saml-tokens) table). In such cases, you might need to reduce the number of groups the user is in.
  {% endhint %}