Configure an enterprise application on Azure AD and export the XML
![](https://blog.pollaio.site/wp-content/uploads/2021/02/image-46.png)
![](https://blog.pollaio.site/wp-content/uploads/2021/02/image-47.png)
![](https://blog.pollaio.site/wp-content/uploads/2021/02/image-48.png)
Insert:
Identifier -> `https://<public-FQDN-UAG>/portal`
Reply URL -> `https://<public-FQDN-UAG>/portal/samlsso`
Sign on URL -> `https://<public-FQDN-UAG>/portal/samlsso`
![](https://blog.pollaio.site/wp-content/uploads/2021/02/image-49.png)
![](https://blog.pollaio.site/wp-content/uploads/2021/02/image-50.png)
Download the XML
![](https://blog.pollaio.site/wp-content/uploads/2021/02/image-51.png)
Assign users or groups permission to the Enterprise application
![](https://blog.pollaio.site/wp-content/uploads/2021/02/image-52.png)
Import the XML on UAG and configure it
In Import Identity Provider Metadata, select the XML file downloaded from the Enterprise Application
![](https://blog.pollaio.site/wp-content/uploads/2021/02/image-53.png)
Select the identity provider
![](https://blog.pollaio.site/wp-content/uploads/2021/02/image-54.png)
Select More Option
![](https://blog.pollaio.site/wp-content/uploads/2021/02/image-55.png)
Then select SAML and the correct identity provider (with SAML+PASSTHROUGH the identity token will not be passed to the Horizon Server and a new authentication will be required)
![](https://blog.pollaio.site/wp-content/uploads/2021/02/image-56.png)