# SSO in Chat Widget

## What the SSO in Chat widget is

The SSO in Chat widget integration enables you to let your end users to authenticate through Microsoft Azure Active Directory inside the Ebbot Chat widget.

## Configure SSO in Chat widget

Follow this guide to enable the use of SSO in your Ebbot Chat widget.

**Prerequisite – Get the Metadata File**

Before starting the Azure configuration, you must generate the SAML metadata file in the widget.

1. Go to **Settings → Integrations → SSO** in the widget.
2. Click **Save** (this is required even if no changes are made).
3. After saving, the metadata file will be available at one of the following URLs, depending on hosting:
   * **EU OVH Hosting**

     <a class="button secondary">Copy</a>

     ```
     https://sp.saml.ebbot.eu/[botid]/metadata.xml
     ```
   * **EU Google Hosting**

     <a class="button secondary">Copy</a>

     ```
     https://sp.saml.v2.ebbot.app/[botid]/metadata.xml
     ```
4. Download and save the metadata file locally. You will need this file later when configuring SAML in Azure.

**Create the Enterprise Application in Azure**

1. Go to **Azure Portal** and navigate to **Enterprise Applications**.
2. Click **New application** → **Create your own application**.
3. Enter a name for the application.
4. Select **Integrate any other application you don’t find in the gallery (Non-gallery)**.
5. Click **Create**.

**Configure Single Sign-On (SAML)**

1. Once the application is created, open it and click **Set up single sign-on**.
2. Select **SAML** as the sign-on method.
3. Click **Upload metadata file**.
4. Upload the locally saved metadata file.
5. Click **Save**.

**Export and Configure the Certificate**

1. Download the **Base64-encoded certificate** from Azure.
2. Go to settings --> integrations --> SSO in widget.
3. Paste the certificate into the **IDP Certificate** field.

**Encryption Options**

1. Choose **one** of the following options:

* Upload the **client certificate** into Azure, **or**
* Enable **Allow Unencrypted Assertion**

**Testing and Attribute Mapping**

1. You can now start testing SSO directly inside the widget.
2. The attributes under **Attributes & Claims** should be accessible using the `{{ email }}` attribute.

**Final Step: Enable SSO in a Scenario**

1. Add the **SAML SSO card** to the scenario you want to authorize access through.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ebbot.ai/ebbot-docs/integrations/authentication-sso/sso-in-chat-widget.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.