diff --git a/locale/cs/LC_MESSAGES/admin-docs.po b/locale/cs/LC_MESSAGES/admin-docs.po
index 50dd82e2..10716621 100644
--- a/locale/cs/LC_MESSAGES/admin-docs.po
+++ b/locale/cs/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2023-09-23 01:11+0000\n"
 "Last-Translator: Tomáš Kovařík <tomas.kovarik@cdv.cz>\n"
 "Language-Team: Czech <https://translations.zammad.org/projects/"
@@ -26,6 +26,7 @@ msgstr "Chat"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr ""
@@ -527,7 +528,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -792,7 +793,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4051,8 +4052,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17879,188 +17880,133 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
+#: ../settings/security/third-party/saml.rst:23
+#, fuzzy
+#| msgid "Configuration of the Chat widget"
+msgid "Basic Configuration"
+msgstr "Konfigurace widgetu Chat"
+
+#: ../settings/security/third-party/saml.rst:25
 msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:68
+#, fuzzy
+#| msgid "Configuration of the Chat widget"
+msgid "Configuration Guides"
+msgstr "Konfigurace widgetu Chat"
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
-msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18070,66 +18016,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18137,31 +18082,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18171,101 +18116,361 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/da/LC_MESSAGES/admin-docs.po b/locale/da/LC_MESSAGES/admin-docs.po
index 6f43b82d..d677b419 100644
--- a/locale/da/LC_MESSAGES/admin-docs.po
+++ b/locale/da/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
@@ -23,6 +23,7 @@ msgstr ""
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr ""
@@ -505,7 +506,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -770,7 +771,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4027,8 +4028,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17847,188 +17848,129 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
-msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+#: ../settings/security/third-party/saml.rst:23
+msgid "Basic Configuration"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+msgid ""
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
+msgstr ""
+
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
+#: ../settings/security/third-party/saml.rst:68
+msgid "Configuration Guides"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18038,66 +17980,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18105,31 +18046,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18139,101 +18080,361 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/de/LC_MESSAGES/admin-docs.po b/locale/de/LC_MESSAGES/admin-docs.po
index 83403cf8..cf2a4d36 100644
--- a/locale/de/LC_MESSAGES/admin-docs.po
+++ b/locale/de/LC_MESSAGES/admin-docs.po
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
-"PO-Revision-Date: 2024-11-16 16:00+0000\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
+"PO-Revision-Date: 2024-12-04 10:00+0000\n"
 "Last-Translator: Ralf Schmid <rsc@zammad.com>\n"
 "Language-Team: German <https://translations.zammad.org/projects/"
 "documentations/admin-documentation-pre-release/de/>\n"
@@ -26,6 +26,7 @@ msgstr "Chat"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr "Einführung"
@@ -623,7 +624,7 @@ msgstr "STARTTLS"
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr "SSL-Verifizierung"
@@ -959,7 +960,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -5078,8 +5079,8 @@ msgid "OpenId permissions"
 msgstr "OpenId-Berechtigungen"
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr "``email``"
 
@@ -21813,63 +21814,65 @@ msgstr ""
 msgid "SAML"
 msgstr "SAML"
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-"Verbinden Sie Ihren SAML (Security Assertion Markup Language) "
-"Identitätsanbieter als Single-Sign-On-Methode (SSO)."
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
-"SAML ist (u.a.) ein offener Standard für die SSO-Authentifizierung. "
-"Anmeldungen werden von mehreren **Dienstanbietern** gemeinsam genutzt und "
-"von einem zentralen **Identitätsanbieter** (IdP) verwaltet."
+"Verbinden Sie Ihren SAML (Security Assertion Markup Language)-"
+"Identitätsanbieter als SSO-Methode (Single Sign-On). SAML ist ein offener "
+"Standard für die SSO-Authentifizierung (u.a.). Anmeldungen werden von "
+"mehreren **Dienstanbietern** gemeinsam genutzt und von einem zentralen "
+"**Identitätsanbieter** (Identity provider, IdP) verwaltet."
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 "In diesem Fall ist der Dienstanbieter Zammad, und der IdP ist ein "
-"Softwaredienst, den Sie entweder selbst hosten oder abonnieren (*z.B.* "
-"`Keycloak <https://www.keycloak.org/>`_, `Redhat SSO Server <https://access."
+"Softwaredienst, den Sie entweder selbst hosten oder abonnieren (z.B. `"
+"Keycloak <https://www.keycloak.org/>`_, `Redhat SSO Server <https://access."
 "redhat.com/products/red-hat-single-sign-on>`_, `ADFS <https://docs.microsoft."
 "com/en-us/windows-server/identity/active-directory-federation-services>`_, "
 "oder `Okta <https://www.okta.com/>`_)."
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 "Die Anleitung geht davon aus, dass Sie SAML bereits in Ihrer Organisation "
 "verwenden (d.h. dass Ihr IdP vollständig eingerichtet ist)."
 
-#: ../settings/security/third-party/saml.rst:21
+#: ../settings/security/third-party/saml.rst:23
+msgid "Basic Configuration"
+msgstr "Basis-Konfiguration"
+
+#: ../settings/security/third-party/saml.rst:25
 msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
 msgstr ""
-"Bitte beachten Sie: Unsere Anleitung basiert auf der Anbindung von Keycloak."
+"Dieser Abschnitt beschreibt die Einrichtung eines IdP in allgemeiner Form. "
+"Außerdem gibt es :ref:`Einrichtungsanleitungen <saml-guides>` für Keycloak "
+"und Microsoft SAML."
 
-#: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
-msgstr "Schritt 1: Konfigurieren Sie Ihren IdP"
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
+msgstr "Konfigurieren Sie Ihren IdP"
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr "Zammad als Client/Anwendung hinzufügen"
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
@@ -21877,7 +21880,7 @@ msgstr ""
 "Importieren Sie Zammad in Ihren IdP unter Verwendung der XML-Konfiguration, "
 "die Sie unter ``https://your.zammad.domain/auth/saml/metadata`` finden."
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
@@ -21886,11 +21889,11 @@ msgstr ""
 "neuen Client/App konfigurieren und dabei die oben genannte XML-Metadaten-"
 "Datei als Referenz verwenden."
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr "Wenn Sie zum Beispiel diesen Tag sehen:"
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
@@ -21899,34 +21902,34 @@ msgstr ""
 "**Valid Redirect URIs** bezeichnet) auf ``http://your.zammad.domain/auth/"
 "saml/callback``."
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr "Benutzerattribut-Zuordnung einrichten"
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 "Zammad fordert die folgenden Benutzerattribute (oder \"Eigenschaften\") vom "
 "IdP an:"
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr "E-Mail Adresse (``email``)"
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr "Vollständiger Name (``name``)"
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr "Vorname (``first_name``)"
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr "Nachname (``last_name``)"
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
@@ -21937,112 +21940,35 @@ msgstr ""
 "Zammad übereinstimmen. Eine detailliertere Aufschlüsselung finden Sie in der "
 "XML-Metadaten-Datei, auf die im vorherigen Abschnitt verwiesen wurde."
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr "Informationen für verschiedene IdP"
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr "Keycloak"
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
-msgstr ""
-"**Um Zammad als Client hinzuzufügen,** speichern Sie die XML-Konfiguration "
-"auf Ihrem Rechner (``https://your.zammad.domain/auth/saml/metadata``) und "
-"verwenden Sie **Clients > Clients list > Import client** im Keycloak Admin "
-"Panel."
+#: ../settings/security/third-party/saml.rst:68
+msgid "Configuration Guides"
+msgstr "Konfigurationsanleitung"
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
-msgstr ""
-"Um Zammad bei der **Zuordnung der Benutzerkonten zu Keycloak-Benutzern** zu "
-"helfen, erstellen Sie einen Benutzerattribut- (oder \"Eigenschafts-\")-"
-"Mapper. Klicken Sie in der **Clientl list** auf Ihre neu erstellte Client-"
-"ID, wählen Sie den Reiter **Client scopes** und klicken Sie auf den Link, "
-"der auf Ihre Zammad-Instanz verweist. Wählen Sie **Add mapper > By "
-"configuration > User Property** und erstellen Sie einen Mapper mit den "
-"folgenden Einträgen:"
-
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr "**Name**"
+msgid "You can find specific configuration guides for:"
+msgstr "Sie finden Konfigurationsanleitungen für:"
 
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr "**Mapper-Typ**"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
+msgstr ":doc:`Keycloak <./saml/saml-keycloak>`"
 
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr "``User Property``"
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
+msgstr ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr "**Property**"
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
-msgstr "``emailAddress``"
-
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
-msgstr "**SAML Attribute Name**"
-
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr "**SAML Attribute NameFormat**"
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr "``basic``"
-
-#: ../settings/security/third-party/saml.rst:89
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
-"Im obigen Beispiel weisen wir Zammad an, dass es bei jeder SAML-"
-"Anmeldeanfrage die Eigenschaft ``email`` von Keycloak nehmen, nach einem "
-"Zammad-Benutzer mit demselben ``email``-Attribut suchen und eine neue "
-"Sitzung für diesen Benutzer erstellen soll."
+"Wenn Sie einen anderen IdP verwenden, passen Sie die Schritte entsprechend "
+"an. Für eine Beschreibung der Felder in Zammad lesen Sie weiter unten."
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
-msgstr ""
-"Wenn die E-Mail-Adressen Ihrer Keycloak-Benutzer in einer anderen "
-"Eigenschaft gespeichert sind (*z.B.* ``username``), passen Sie sie "
-"entsprechend an."
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
+msgstr "Allgemeine Zammad-Konfiguration"
 
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-"Geben Sie in den **Einstellungen** die Client-ID (``https://your.zammad."
-"domain/auth/saml/metadata``) in das Feld **Master SAML Processing URL** ein."
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr "Sie müssen auch **Sign Assertions** aktivieren."
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr "Schritt 2: Zammad konfigurieren"
-
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -22055,11 +21981,11 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr "Beispielkonfiguration von SAML Teil 1"
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr "Anzeigename"
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
@@ -22068,29 +21994,27 @@ msgstr ""
 "Das kann hilfreich sein, damit Ihre Benutzer verstehen, was die Schaltfläche "
 "auf der Anmeldeseite genau bewirkt."
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr "Die Voreinstellung ist ``SAML``."
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr "IDP SSO Ziel-URL"
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
-"Dies ist die Ziel-URL, zu der Zammad umleiten soll, wenn der Benutzer die "
-"SAML-Schaltfläche anklickt. Für Keycloak muss dies wie folgt aussehen: "
-"https://your.domain/realms/your-realm/protocol/saml."
+"Dies ist die Ziel-URL, an die Zammad weiterleiten soll, wenn der Benutzer "
+"die SAML-Schaltfläche drückt."
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr "IDP Ziel-URL für Einzel-Abmeldung"
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
@@ -22098,11 +22022,11 @@ msgstr ""
 "Dies ist die URL, an die die einzelne Abmeldeanforderung gesendet werden "
 "soll."
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr "IDP-Zertifikat"
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
@@ -22110,11 +22034,11 @@ msgstr ""
 "Das öffentliche Zertifikat Ihres IDP, das Zammad während des \"Callbacks\" "
 "überprüfen soll."
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr "Fingerabdruck IDP-Zertifikat"
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
@@ -22122,11 +22046,11 @@ msgstr ""
 "Der Fingerabdruck Ihres öffentlichen IDP-Zertifikats, der während des "
 "\"Callbacks\" geprüft wird."
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr "🔏 **Für das IdP-Zertifikat / den Zertifikatsfingerabdruck:**"
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -22138,7 +22062,7 @@ msgstr ""
 "als unsicher gilt <https://www.schneier.com/blog/archives/2005/02/"
 "sha1_broken.html>`_)."
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
@@ -22147,11 +22071,11 @@ msgstr ""
 "Administrationsbereich unter **Realm Settings > Keys > Algorithm: RS256 > "
 "Certificate**."
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr "Name Identifier Format"
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
@@ -22160,15 +22084,15 @@ msgstr ""
 "Normalerweise ist es ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
 "emailAddress``."
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr "Zammad **erwartet eine E-Mail-Adresse als eindeutigen Identifikator**!"
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr "Name des UID-Attributs"
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -22181,7 +22105,7 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr "Beispielkonfiguration von SAML Teil 2"
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
@@ -22189,22 +22113,22 @@ msgstr ""
 "Entscheiden Sie, ob das Zertifikat für die Verbindung zum IdP-Dienst "
 "verifiziert werden muss oder nicht (Standard: ``Ja``)."
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr "Signieren & Verschlüsseln"
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 "Legen Sie fest, ob Sie die Anfragen signieren, verschlüsseln, beides oder "
 "nichts tun wollen."
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr "Zertifikat (PEM)"
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
@@ -22212,27 +22136,27 @@ msgstr ""
 "Fügen Sie das öffentliche Zertifikat Ihres Zammad SAML-Clients ein, wenn Sie "
 "die Anfragen verschlüsseln möchten."
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr "Vergewissern Sie sich, dass das Zertifikat:"
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr "bereits gültig und noch nicht abgelaufen ist"
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr "kein CA-Zertifikat ist"
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr "gültig zum Signieren und Verschlüsseln ist"
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr "Privater Schlüssel (PEM)"
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
@@ -22240,27 +22164,27 @@ msgstr ""
 "Fügen Sie hier den privaten Schlüssel Ihres Zammad SAML-Clients ein, wenn "
 "Sie die Anfragen signieren möchten."
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 "Stellen Sie sicher, dass der Schlüssel ein RSA-Schlüssel mit einer Länge von "
 "mindestens 2048 Bit ist."
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr "Geheimnis des privaten Schlüssels"
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 "Wenn Ihr privater Schlüssel mit einem Passwort gesichert ist, können Sie es "
 "hier angeben."
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr "Ihre Callback-URL"
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
@@ -22268,7 +22192,7 @@ msgstr ""
 "Diese URL wird für die IdP-Konfiguration benötigt, damit dieser weiß, wohin "
 "er nach erfolgreicher Authentifizierung weiterleiten muss."
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
@@ -22279,7 +22203,7 @@ msgstr ""
 "Zertifikate (z.B. ob sie zum Signieren/Verschlüsseln gültig und nicht "
 "abgelaufen sind)."
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
@@ -22287,17 +22211,331 @@ msgstr ""
 "Siehe :ref:`automatische Kontoverknüpfung <automatic-account-linking>` für "
 "Details zur Verknüpfung bestehender Zammad-Konten mit IdP-Konten."
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr "Automatische Kontoverknüpfung funktioniert nicht"
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 "Haben Sie die Konfiguration der Benutzerattribut-Zuordnung Ihres IdP "
 "überprüft?"
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr "SAML mit Keycloak"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr "Schritt 1: Keycloak-Konfiguration"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+"**Um Zammad als Client hinzuzufügen,** speichern Sie die XML-Konfiguration "
+"auf Ihrem Rechner (``https://your.zammad.domain/auth/saml/metadata``) und "
+"verwenden Sie **Clients > Clients list > Import client** im Keycloak Admin "
+"Panel."
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+"Um Zammad bei der **Zuordnung der Benutzerkonten zu Keycloak-Benutzern** zu "
+"helfen, erstellen Sie einen Benutzerattribut- (oder \"Eigenschafts-\")-"
+"Mapper. Klicken Sie in der **Clientl list** auf Ihre neu erstellte Client-"
+"ID, wählen Sie den Reiter **Client scopes** und klicken Sie auf den Link, "
+"der auf Ihre Zammad-Instanz verweist. Wählen Sie **Add mapper > By "
+"configuration > User Property** und erstellen Sie einen Mapper mit den "
+"folgenden Einträgen:"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr "**Name**"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr "**Mapper-Typ**"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr "``User Property``"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr "**Property**"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr "``emailAddress``"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr "**SAML Attribute Name**"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr "**SAML Attribute NameFormat**"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr "``basic``"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+"Im obigen Beispiel weisen wir Zammad an, dass es bei jeder SAML-"
+"Anmeldeanfrage die Eigenschaft ``email`` von Keycloak nehmen, nach einem "
+"Zammad-Benutzer mit demselben ``email``-Attribut suchen und eine neue "
+"Sitzung für diesen Benutzer erstellen soll."
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+"Wenn die E-Mail-Adressen Ihrer Keycloak-Benutzer in einer anderen "
+"Eigenschaft gespeichert sind (*z.B.* ``username``), passen Sie sie "
+"entsprechend an."
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+"Geben Sie in den **Einstellungen** die Client-ID (``https://your.zammad."
+"domain/auth/saml/metadata``) in das Feld **Master SAML Processing URL** ein."
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr "Sie müssen auch **Sign Assertions** aktivieren."
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr "2. Konfigurieren Sie Zammad"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr "Als Administrator bei Zammad anmelden"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+"Gehen Sie im Admin-Bereich zu \"Einstellungen\" > \"Sicherheit\" > "
+"\"Anwendungen von Drittanbietern\" > \"Authentifizierung über SAML\"."
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr "Geben Sie die folgenden Informationen an:"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+"SAML IdP Login URL: ``https://ihre.domain/realms/your-realm/protocol/saml``"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+"SAML IdP Logout-URL: ``https://ihre.domain/realms/your-realm/protocol/saml``"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-"
+"format:emailAddress``"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+"SAML IdP-Zertifikat: Laden Sie das zuvor heruntergeladene Base64-Zertifikat "
+"hoch."
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr "Speichern Sie die Einstellungen"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+"Lesen Sie weiter unter :ref:`saml-zammad` für eine Beschreibung der "
+"einzelnen Felder in Zammad."
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr "SAML mit Microsoft 365"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr "1. Zammad als Anwendung in Microsoft Entra ID registrieren"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+"Melden Sie sich im Microsoft Entra Admin Center mit administrativen Rechten "
+"an"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+"Navigieren Sie zu \"Identity\" > \"Applications\" > \"Enterprise "
+"Applications\""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+"Klicken Sie auf \"New Application\" und wählen Sie \"Create your own "
+"application\""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+"Geben Sie einen Namen für die Anwendung ein, z.B. \"Zammad SAML Integration\""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+"Wählen Sie \"Integrate any other application you don't find in the gallery\""
+", und klicken Sie dann auf \"Create\""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr "2. Konfigurieren Sie SAML-basiertes Single Sign-On (SSO)"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr "Nachdem die Anwendung erstellt wurde, gehen Sie zur Übersichtsseite"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr "Wählen Sie \"Single sign-on\" aus dem linken Menü"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr "Wählen Sie \"SAML\" als Anmeldemethode"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr "Klicken Sie im Abschnitt \"Basic SAML Configuration\" auf \"Edit\":"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+"Identifier (Entity ID): Verwenden Sie die Entity ID von Zammad, die Sie "
+"unter ``https://ihre.zammad.domain/auth/saml/metadata`` finden können."
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+"Reply URL (Assertion Consumer Service URL): Setzen Sie sie auf ``https://ihre"
+".zammad.domain/auth/saml/callback``."
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr "Speichern Sie die Konfiguration"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr "3. Benutzer-Attribute und Claims-Zuordnung konfigurieren"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+"Klicken Sie im Abschnitt \"Attributes & Claims\" auf \"Edit\". Standardmäßig "
+"sind einige Angaben wie User Principal Name, EMail-Address, First Name und "
+"Last Name bereits konfiguriert."
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+"Screenshots der \"Attribute & Claims\"-Konfiguration im Entra Admin Center"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr "4. Laden Sie das SAML-Zertifikat herunter"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+"Laden Sie im Abschnitt \"SAML Signing Certificate\" das \"Certificate "
+"(Base64)\" herunter:"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr "Screenshot zeigt den hervorgehobenen Zertifikatexport"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr "5. Zammad konfigurieren"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+"IDP SSO target URL: Die Anmelde-URL aus dem Microsoft Entra Admin Center."
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+"IDP single logout target URL: Die Logout URL aus dem Microsoft Entra Admin "
+"Center."
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr "6. Benutzer zuweisen"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+"Weisen Sie in Microsoft Entra ID die entsprechenden Benutzer der Zammad-"
+"Anwendung zu, um ihnen Zugriff zu gewähren."
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
@@ -32814,6 +33052,23 @@ msgid "Shows which version is currently being used on your Zammad-instance."
 msgstr ""
 "Zeigt an, welche Version derzeit auf Ihrer Zammad-Instanz verwendet wird."
 
+#~ msgid ""
+#~ "Connect your SAML (Security Assertion Markup Language) identity provider "
+#~ "as a single sign-on (SSO) method."
+#~ msgstr ""
+#~ "Verbinden Sie Ihren SAML (Security Assertion Markup Language) "
+#~ "Identitätsanbieter als Single-Sign-On-Methode (SSO)."
+
+#~ msgid ""
+#~ "Please note: Our instructions are based on connecting Zammad with "
+#~ "Keycloak."
+#~ msgstr ""
+#~ "Bitte beachten Sie: Unsere Anleitung basiert auf der Anbindung von "
+#~ "Keycloak."
+
+#~ msgid "Per-IdP Instructions"
+#~ msgstr "Informationen für verschiedene IdP"
+
 #~ msgid ""
 #~ "Disabling this flag is a soft alternative to deleting a user. So what's "
 #~ "the difference?"
@@ -35681,9 +35936,6 @@ msgstr ""
 #~ msgid "Default: ``500``"
 #~ msgstr "Standardwert: ``500``"
 
-#~ msgid "Zammad - Documentation for administrators"
-#~ msgstr "Zammad - Dokumentation für Administratoren"
-
 #~ msgid "`System > API <https://docs.zammad.org/en/latest/api-intro.html>`_"
 #~ msgstr "`System > API <https://docs.zammad.org/en/latest/api-intro.html>`_"
 
diff --git a/locale/es/LC_MESSAGES/admin-docs.po b/locale/es/LC_MESSAGES/admin-docs.po
index eaf07151..b502e1d1 100644
--- a/locale/es/LC_MESSAGES/admin-docs.po
+++ b/locale/es/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2024-10-18 22:00+0000\n"
 "Last-Translator: Marian <mariandilda@gmail.com>\n"
 "Language-Team: Spanish <https://translations.zammad.org/projects/"
@@ -26,6 +26,7 @@ msgstr "Chat"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr "Introducción"
@@ -609,7 +610,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 #, fuzzy
 msgid "SSL verification"
@@ -881,7 +882,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4182,8 +4183,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -18122,188 +18123,133 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
+#: ../settings/security/third-party/saml.rst:23
+#, fuzzy
+#| msgid "Configuration of the Chat widget"
+msgid "Basic Configuration"
+msgstr "Configuración del widget de chat"
+
+#: ../settings/security/third-party/saml.rst:25
 msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:68
+#, fuzzy
+#| msgid "Configuration of the Chat widget"
+msgid "Configuration Guides"
+msgstr "Configuración del widget de chat"
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:89
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18313,67 +18259,66 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 #, fuzzy
 msgid "IDP certificate"
 msgstr "Verificación de correo electrónico"
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18381,31 +18326,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18415,104 +18360,370 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 #, fuzzy
 msgid "Make sure the certificate is:"
 msgstr "Verificación de correo electrónico"
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 #, fuzzy
 msgid "no CA certificate"
 msgstr "Verificación de correo electrónico"
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 #, fuzzy
 msgid "Automatic account linking doesn't work"
 msgstr "Notificación automática de vinculación de cuentas"
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+#, fuzzy
+msgid "Save the settings"
+msgstr "Verificación de correo electrónico"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+#, fuzzy
+msgid "4. Download the SAML Certificate"
+msgstr "Verificación de correo electrónico"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+#, fuzzy
+#| msgid "Screenshot showing basic email account setup inbound"
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+"Captura de pantalla que muestra la configuración básica de una cuenta de "
+"correo electrónico entrante"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/es_CO/LC_MESSAGES/admin-docs.po b/locale/es_CO/LC_MESSAGES/admin-docs.po
index b2107e91..6949cc7b 100644
--- a/locale/es_CO/LC_MESSAGES/admin-docs.po
+++ b/locale/es_CO/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
@@ -23,6 +23,7 @@ msgstr ""
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr ""
@@ -505,7 +506,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -770,7 +771,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4027,8 +4028,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17847,188 +17848,129 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
-msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+#: ../settings/security/third-party/saml.rst:23
+msgid "Basic Configuration"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+msgid ""
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
+msgstr ""
+
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
+#: ../settings/security/third-party/saml.rst:68
+msgid "Configuration Guides"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18038,66 +17980,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18105,31 +18046,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18139,101 +18080,361 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/es_MX/LC_MESSAGES/admin-docs.po b/locale/es_MX/LC_MESSAGES/admin-docs.po
index 4fba5146..012a4552 100644
--- a/locale/es_MX/LC_MESSAGES/admin-docs.po
+++ b/locale/es_MX/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2023-10-11 14:18+0000\n"
 "Last-Translator: morealedgar <morealedgar@gmail.com>\n"
 "Language-Team: Spanish (Mexico) <https://translations.zammad.org/projects/"
@@ -26,6 +26,7 @@ msgstr "Chat"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr ""
@@ -508,7 +509,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -773,7 +774,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4032,8 +4033,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17852,188 +17853,129 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
-msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+#: ../settings/security/third-party/saml.rst:23
+msgid "Basic Configuration"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+msgid ""
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
+msgstr ""
+
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
+#: ../settings/security/third-party/saml.rst:68
+msgid "Configuration Guides"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18043,66 +17985,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18110,31 +18051,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18144,101 +18085,361 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/fa/LC_MESSAGES/admin-docs.po b/locale/fa/LC_MESSAGES/admin-docs.po
index 546a13fe..2de4fc41 100644
--- a/locale/fa/LC_MESSAGES/admin-docs.po
+++ b/locale/fa/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2024-11-19 05:00+0000\n"
 "Last-Translator: sesoltani <se.soltani@hotmail.com>\n"
 "Language-Team: Persian <https://translations.zammad.org/projects/"
@@ -26,6 +26,7 @@ msgstr "چت کنید"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr "مقدمه"
@@ -95,8 +96,8 @@ msgid ""
 "Zammad will try to adapt your main website colors to the chat. You can also "
 "adjust the colors to customize it to your corporate design."
 msgstr ""
-"Zammad سعی می کند رنگ های اصلی وب سایت شما را با چت تطبیق دهد. همچنین می‌"
-"توانید رنگ‌ها را برای سفارشی کردن آن با طرح شرکت خود تنظیم کنید."
+"Zammad سعی می کند رنگ های اصلی وب سایت شما را با چت تطبیق دهد. همچنین "
+"می‌توانید رنگ‌ها را برای سفارشی کردن آن با طرح شرکت خود تنظیم کنید."
 
 #: ../channels/chat.rst:28 ../misc/first-steps.rst:20
 #: ../system/integrations/clearbit.rst:31
@@ -136,8 +137,8 @@ msgid ""
 "preview modes."
 msgstr ""
 "طراح یکپارچه به ویجت چت کمک می کند تا با رنگ وب سایت سازگار شودZammad سعی می "
-"کند وب سایت شما را بر اساس FQDN شما واکشی کند. اگر این کار انجام نشد یا می‌"
-"خواهید پیش‌نمایش را لغو کنید، می‌توانید URL را به صورت دستی وارد کنید و روی "
+"کند وب سایت شما را بر اساس FQDN شما واکشی کند. اگر این کار انجام نشد یا "
+"می‌خواهید پیش‌نمایش را لغو کنید، می‌توانید URL را به صورت دستی وارد کنید و روی "
 "بارگیری کلیک کنید. با انتخاب حالت های مختلف پیش نمایش می توانید پیش نمایشی "
 "برای دستگاه های مختلف دریافت کنید."
 
@@ -536,7 +537,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -801,7 +802,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4058,8 +4059,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17878,188 +17879,135 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
+#: ../settings/security/third-party/saml.rst:23
+#, fuzzy
+#| msgid "Configuration"
+msgid "Basic Configuration"
+msgstr "پیکربندی"
+
+#: ../settings/security/third-party/saml.rst:25
 msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:68
+#, fuzzy
+#| msgid "Configuration"
+msgid "Configuration Guides"
+msgstr "پیکربندی"
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
+#: ../settings/security/third-party/saml.rst:88
+#, fuzzy
+#| msgid "Configuration"
+msgid "General Zammad Configuration"
+msgstr "پیکربندی"
 
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18069,66 +18017,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18136,31 +18083,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18170,101 +18117,365 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+#, fuzzy
+#| msgid "Configuration"
+msgid "Step 1: Keycloak Configuration"
+msgstr "پیکربندی"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+#, fuzzy
+#| msgid "Configuration"
+msgid "Save the configuration"
+msgstr "پیکربندی"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/fr/LC_MESSAGES/admin-docs.po b/locale/fr/LC_MESSAGES/admin-docs.po
index 0deb8c39..1611bfcb 100644
--- a/locale/fr/LC_MESSAGES/admin-docs.po
+++ b/locale/fr/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2024-10-08 00:00+0000\n"
 "Last-Translator: Misha <misha@association-enoria.org>\n"
 "Language-Team: French <https://translations.zammad.org/projects/"
@@ -26,6 +26,7 @@ msgstr "Discussion"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 #, fuzzy
 msgid "Introduction"
@@ -636,7 +637,7 @@ msgstr "STARTTLS"
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 #, fuzzy
 msgid "SSL verification"
@@ -928,7 +929,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4234,8 +4235,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -18201,188 +18202,135 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
-msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:23
+#, fuzzy
+msgid "Basic Configuration"
+msgstr "Intégrations"
 
 #: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+msgid ""
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:29
+#, fuzzy
+#| msgid "Config"
+msgid "Configure Your IdP"
+msgstr "Configuration"
+
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:68
+#, fuzzy
+#| msgid "Configuration of the Chat widget"
+msgid "Configuration Guides"
+msgstr "Configuration du widget de discussion"
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
-msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
+#: ../settings/security/third-party/saml.rst:88
+#, fuzzy
+msgid "General Zammad Configuration"
+msgstr "Intégrations"
 
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18392,67 +18340,66 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 #, fuzzy
 msgid "IDP certificate"
 msgstr "Intégrations"
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18460,31 +18407,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18494,103 +18441,377 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 #, fuzzy
 msgid "Make sure the certificate is:"
 msgstr "Intégrations"
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 #, fuzzy
 msgid "no CA certificate"
 msgstr "Intégrations"
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr "La liaison automatique de compte ne fonctionne pas"
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+#, fuzzy
+msgid "Step 1: Keycloak Configuration"
+msgstr "Intégrations"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+#, fuzzy
+#| msgid "Config"
+msgid "2. Configure Zammad"
+msgstr "Configuration"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+#, fuzzy
+#| msgid "You can choose from the following options:"
+msgid "Provide the following information:"
+msgstr "Vous avez le choix entre les options suivantes :"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+#, fuzzy
+msgid "Save the settings"
+msgstr "Paramètres"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+#, fuzzy
+#| msgid "Expert configuration dialog"
+msgid "Save the configuration"
+msgstr "Boîte de dialogue de configuration avancée"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+#, fuzzy
+msgid "4. Download the SAML Certificate"
+msgstr "Intégrations"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+#, fuzzy
+#| msgid "Screenshot showing basic email account setup inbound"
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+"Capture d'écran montrant la configuration de base d'une boîte de réception"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+#, fuzzy
+#| msgid "Config"
+msgid "5. Configure Zammad"
+msgstr "Configuration"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/fr_CA/LC_MESSAGES/admin-docs.po b/locale/fr_CA/LC_MESSAGES/admin-docs.po
index 1e05a6d1..bfe1f1aa 100644
--- a/locale/fr_CA/LC_MESSAGES/admin-docs.po
+++ b/locale/fr_CA/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2021-12-03 14:33+0000\n"
 "Last-Translator: TRANSFER FROM TRANSIFEX <support@zammad.com>\n"
 "Language-Team: French (Canada) <https://translations.zammad.org/projects/"
@@ -26,6 +26,7 @@ msgstr "Clavardage"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 #, fuzzy
 msgid "Introduction"
@@ -542,7 +543,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 #, fuzzy
 msgid "SSL verification"
@@ -808,7 +809,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4194,8 +4195,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -18212,188 +18213,133 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
+#: ../settings/security/third-party/saml.rst:23
+#, fuzzy
+msgid "Basic Configuration"
+msgstr "Bloquer les notifications"
+
+#: ../settings/security/third-party/saml.rst:25
 msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:68
+#, fuzzy
+#| msgid "Configuration of the Chat widget"
+msgid "Configuration Guides"
+msgstr "Configuration du greffon de clavardage"
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:89
-msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
+#: ../settings/security/third-party/saml.rst:88
+#, fuzzy
+msgid "General Zammad Configuration"
+msgstr "Bloquer les notifications"
 
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18403,67 +18349,66 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 #, fuzzy
 msgid "IDP certificate"
 msgstr "Bloquer les notifications"
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18471,32 +18416,32 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 #, fuzzy
 msgid "UID attribute name"
 msgstr "Attributs d'article"
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18506,103 +18451,367 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 #, fuzzy
 msgid "Make sure the certificate is:"
 msgstr "Bloquer les notifications"
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 #, fuzzy
 msgid "no CA certificate"
 msgstr "Bloquer les notifications"
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+#, fuzzy
+msgid "Step 1: Keycloak Configuration"
+msgstr "Bloquer les notifications"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+#, fuzzy
+msgid "Save the settings"
+msgstr "Réglages"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+#, fuzzy
+msgid "Save the configuration"
+msgstr "Bloquer les notifications"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+#, fuzzy
+msgid "4. Download the SAML Certificate"
+msgstr "Bloquer les notifications"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/hr/LC_MESSAGES/admin-docs.po b/locale/hr/LC_MESSAGES/admin-docs.po
index ac21859a..9604b28a 100644
--- a/locale/hr/LC_MESSAGES/admin-docs.po
+++ b/locale/hr/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2022-06-15 13:40+0000\n"
 "Last-Translator: Ivan Perovic <ip@zammad.com>\n"
 "Language-Team: Croatian <https://translations.zammad.org/projects/"
@@ -27,6 +27,7 @@ msgstr "Chat"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr ""
@@ -568,7 +569,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -833,7 +834,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4098,8 +4099,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17953,188 +17954,133 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
+#: ../settings/security/third-party/saml.rst:23
+#, fuzzy
+#| msgid "Configuration of the Chat widget"
+msgid "Basic Configuration"
+msgstr "Konfiguracija chat widgeta"
+
+#: ../settings/security/third-party/saml.rst:25
 msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:68
+#, fuzzy
+#| msgid "Configuration of the Chat widget"
+msgid "Configuration Guides"
+msgstr "Konfiguracija chat widgeta"
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
-msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18144,66 +18090,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18211,31 +18156,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18245,102 +18190,362 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 #, fuzzy
 msgid "Automatic account linking doesn't work"
 msgstr ":doc:`accounts/email-notification`"
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/hu/LC_MESSAGES/admin-docs.po b/locale/hu/LC_MESSAGES/admin-docs.po
index 65a83c08..af82575f 100644
--- a/locale/hu/LC_MESSAGES/admin-docs.po
+++ b/locale/hu/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
@@ -23,6 +23,7 @@ msgstr ""
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr ""
@@ -505,7 +506,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -770,7 +771,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4027,8 +4028,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17847,188 +17848,129 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
-msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+#: ../settings/security/third-party/saml.rst:23
+msgid "Basic Configuration"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+msgid ""
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
+msgstr ""
+
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
+#: ../settings/security/third-party/saml.rst:68
+msgid "Configuration Guides"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18038,66 +17980,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18105,31 +18046,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18139,101 +18080,361 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/it/LC_MESSAGES/admin-docs.po b/locale/it/LC_MESSAGES/admin-docs.po
index 48f061f3..791531b7 100644
--- a/locale/it/LC_MESSAGES/admin-docs.po
+++ b/locale/it/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2023-04-15 10:17+0000\n"
 "Last-Translator: crnfpp <crnfpp@unife.it>\n"
 "Language-Team: Italian <https://translations.zammad.org/projects/"
@@ -26,6 +26,7 @@ msgstr "Chat"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr ""
@@ -514,7 +515,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -779,7 +780,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4040,8 +4041,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17874,188 +17875,129 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
-msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+#: ../settings/security/third-party/saml.rst:23
+msgid "Basic Configuration"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+msgid ""
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
+msgstr ""
+
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
+#: ../settings/security/third-party/saml.rst:68
+msgid "Configuration Guides"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18065,66 +18007,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18132,31 +18073,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18166,101 +18107,361 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/nl/LC_MESSAGES/admin-docs.po b/locale/nl/LC_MESSAGES/admin-docs.po
index 5946e3ad..d5fb9ca8 100644
--- a/locale/nl/LC_MESSAGES/admin-docs.po
+++ b/locale/nl/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
@@ -23,6 +23,7 @@ msgstr ""
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr ""
@@ -505,7 +506,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -770,7 +771,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4027,8 +4028,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17847,188 +17848,129 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
-msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+#: ../settings/security/third-party/saml.rst:23
+msgid "Basic Configuration"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+msgid ""
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
+msgstr ""
+
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
+#: ../settings/security/third-party/saml.rst:68
+msgid "Configuration Guides"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18038,66 +17980,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18105,31 +18046,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18139,101 +18080,361 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/pl/LC_MESSAGES/admin-docs.po b/locale/pl/LC_MESSAGES/admin-docs.po
index 882a75f7..f14a5bdb 100644
--- a/locale/pl/LC_MESSAGES/admin-docs.po
+++ b/locale/pl/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2024-06-20 06:00+0000\n"
 "Last-Translator: MBekspert <michal.bosak@ekspert.biz>\n"
 "Language-Team: Polish <https://translations.zammad.org/projects/"
@@ -27,6 +27,7 @@ msgstr ""
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr ""
@@ -509,7 +510,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -774,7 +775,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4033,8 +4034,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17868,188 +17869,129 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
-msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+#: ../settings/security/third-party/saml.rst:23
+msgid "Basic Configuration"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+msgid ""
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
+msgstr ""
+
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
+#: ../settings/security/third-party/saml.rst:68
+msgid "Configuration Guides"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18059,66 +18001,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18126,31 +18067,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18160,101 +18101,361 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/pt_BR/LC_MESSAGES/admin-docs.po b/locale/pt_BR/LC_MESSAGES/admin-docs.po
index e3a575c8..74f11524 100644
--- a/locale/pt_BR/LC_MESSAGES/admin-docs.po
+++ b/locale/pt_BR/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2024-03-10 08:00+0000\n"
 "Last-Translator: Glauber Daniel Ribeiro <glauberdribeiro@gmail.com>\n"
 "Language-Team: Portuguese (Brazil) <https://translations.zammad.org/projects/"
@@ -26,6 +26,7 @@ msgstr "Chat"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 #, fuzzy
 msgid "Introduction"
@@ -568,7 +569,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 #, fuzzy
 msgid "SSL verification"
@@ -834,7 +835,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4143,8 +4144,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -18245,188 +18246,135 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
-msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:23
+#, fuzzy
+msgid "Basic Configuration"
+msgstr "Configuração"
 
 #: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+msgid ""
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:29
+#, fuzzy
+#| msgid "Configuration"
+msgid "Configure Your IdP"
+msgstr "Configuração"
+
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:68
+#, fuzzy
+#| msgid "Configuration"
+msgid "Configuration Guides"
+msgstr "Configuração"
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
+#: ../settings/security/third-party/saml.rst:88
+#, fuzzy
+msgid "General Zammad Configuration"
+msgstr "Configuração"
 
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18437,67 +18385,66 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr "Configuração"
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 #, fuzzy
 msgid "IDP certificate"
 msgstr "Limitação"
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18505,32 +18452,32 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 #, fuzzy
 msgid "UID attribute name"
 msgstr "Atributos do artigo"
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18541,103 +18488,372 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr "Configuração"
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 #, fuzzy
 msgid "Make sure the certificate is:"
 msgstr "Limitação"
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 #, fuzzy
 msgid "no CA certificate"
 msgstr "Limitação"
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+#, fuzzy
+msgid "Step 1: Keycloak Configuration"
+msgstr "Configuração"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+#, fuzzy
+msgid "2. Configure Zammad"
+msgstr "Configure o Zammad como um robô do Telegram"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+#, fuzzy
+#| msgid "Zammad - Documentation for administrators"
+msgid "Log in to Zammad as an administrator"
+msgstr "Zammad - Documentação para administradores"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+#, fuzzy
+msgid "Provide the following information:"
+msgstr "Esta sessão atualmente carece das seguintes integrações:"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+#, fuzzy
+msgid "Save the settings"
+msgstr "Configurações"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+#, fuzzy
+msgid "Save the configuration"
+msgstr "Configuração"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+#, fuzzy
+msgid "4. Download the SAML Certificate"
+msgstr "Limitação"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+#, fuzzy
+msgid "5. Configure Zammad"
+msgstr "Configure o Zammad como um robô do Telegram"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 #, fuzzy
 msgid ""
@@ -27229,9 +27445,6 @@ msgstr ""
 #~ msgid "Ordering objects"
 #~ msgstr "Objetos"
 
-#~ msgid "Zammad - Documentation for administrators"
-#~ msgstr "Zammad - Documentação para administradores"
-
 #~ msgid ""
 #~ "Besides the optical state of an event, you can also reset the access "
 #~ "token for this module and get the monitoring URL for a monitoring system "
diff --git a/locale/ru/LC_MESSAGES/admin-docs.po b/locale/ru/LC_MESSAGES/admin-docs.po
index 0f74a220..29c06468 100644
--- a/locale/ru/LC_MESSAGES/admin-docs.po
+++ b/locale/ru/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2024-10-16 13:00+0000\n"
 "Last-Translator: Nikita <nyakovlev@iko.tech>\n"
 "Language-Team: Russian <https://translations.zammad.org/projects/"
@@ -27,6 +27,7 @@ msgstr "Чат"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr ""
@@ -539,7 +540,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -804,7 +805,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4063,8 +4064,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17893,188 +17894,133 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
+#: ../settings/security/third-party/saml.rst:23
+#, fuzzy
+#| msgid "Configuration of the Chat widget"
+msgid "Basic Configuration"
+msgstr "Настройка виджета чата"
+
+#: ../settings/security/third-party/saml.rst:25
 msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:68
+#, fuzzy
+#| msgid "Configuration of the Chat widget"
+msgid "Configuration Guides"
+msgstr "Настройка виджета чата"
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
-msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18084,66 +18030,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18151,31 +18096,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18185,101 +18130,361 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/sr/LC_MESSAGES/admin-docs.po b/locale/sr/LC_MESSAGES/admin-docs.po
index c233cdd1..0c7062fb 100644
--- a/locale/sr/LC_MESSAGES/admin-docs.po
+++ b/locale/sr/LC_MESSAGES/admin-docs.po
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad Admin Documentation pre-release\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
-"PO-Revision-Date: 2024-11-19 05:00+0000\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
+"PO-Revision-Date: 2024-12-04 10:00+0000\n"
 "Last-Translator: Dusan Vuckovic <dv@zammad.com>\n"
 "Language-Team: Serbian <https://translations.zammad.org/projects/"
 "documentations/admin-documentation-pre-release/sr/>\n"
@@ -27,6 +27,7 @@ msgstr "Ћаскање"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr "Увод"
@@ -602,7 +603,7 @@ msgstr "STARTTLS"
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr "SSL провера"
@@ -923,7 +924,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -2779,7 +2780,7 @@ msgstr ""
 #: ../settings/security/ssl-certificates.rst:17
 #: ../system/integrations/smime/prerequisites.rst:2
 msgid "Prerequisites"
-msgstr "Услови"
+msgstr "Предуслови"
 
 #: ../channels/facebook.rst:24
 msgid "`Meta business account <https://business.facebook.com/overview>`_"
@@ -4938,8 +4939,8 @@ msgid "OpenId permissions"
 msgstr "OpenId дозволе"
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr "``email``"
 
@@ -21212,64 +21213,63 @@ msgstr ""
 msgid "SAML"
 msgstr "SAML"
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-"Повежите свог SAML (Security Assertion Markup Language) сервис провајдера "
-"као метод јединствене пријаве (SSO)."
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
-"SAML је отворени стандард за SSO аутентификацију (између осталог). Пријаве "
-"су подељене на више **сервисних провајдера** и њима управља централни "
-"**провајдер идентитета** (IdP)."
+"Повежите Zammad са вашoм SAML (Security Assertion Markup Language) "
+"апликацијом за јединствену пријаву (SSO). SAML је отворени стандард за SSO "
+"аутентификацију (између осталог). Пријаве су подељене на више **сервисних "
+"провајдера** и њима управља централни **провајдер идентитета** (IdP)."
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
-"У овом случају, сервисни провајдер је Zammad, а IddP је софтверски сервис "
-"који или хостујете сами или се претплатите на њега (*нпр.* `Keycloak "
+"У овом случају, сервисни провајдер је Zammad, а IdP је софтверски сервис "
+"који или хостујете сами или се претплатите на њега (нпр. `Keycloak "
 "<https://www.keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/"
 "products/red-hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/"
 "windows-server/identity/active-directory-federation-services>`_ или `Okta "
 "<https://www.okta.com/>` _)."
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 "Овај водич претпоставља да већ користите SAML у својој организацији (тј. да "
 "је ваш IdP у потпуности подешен)."
 
-#: ../settings/security/third-party/saml.rst:21
+#: ../settings/security/third-party/saml.rst:23
+msgid "Basic Configuration"
+msgstr "Основна подешавања"
+
+#: ../settings/security/third-party/saml.rst:25
 msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
 msgstr ""
-"Обратите пажњу: наша упутства су базирана на повезивању Zammad-а са Keycloak-"
-"ом."
+"Овај одељак описује уопштено подашавање IdP. Погледајте :ref:`saml-guides` "
+"за водич кроз подешавања Keycloak и Microsoft SAML провајдера."
 
-#: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
-msgstr "Корак 1: Подесите свој IdP"
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
+msgstr "Подесите свој IdP"
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr "Додајте Zammad као клијента/апликацију"
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
@@ -21277,7 +21277,7 @@ msgstr ""
 "Увезите Zammad у свој IdP користећи XML конфигурацију која се налази на "
 "``https://your.zammad.domain/auth/saml/metadata``."
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
@@ -21286,11 +21286,11 @@ msgstr ""
 "клијента/апликацију ручно, користећи горњу XML датотеку мета података као "
 "референцу."
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr "На пример, када видите ову ознаку:"
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
@@ -21299,33 +21299,33 @@ msgstr ""
 "као **Valid Redirect URIs**) на ``http://your.zammad.domain/auth/saml/"
 "callback``."
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr "Подесите мапирање корисничких атрибута"
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 "Zammad захтева следеће корисничке атрибуте (или „properties“) од IdP-а:"
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr "Имејл адреса (``email``)"
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr "Пуно име и презиме (``name``)"
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr "Име (``first_name``)"
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr "Презиме (``last_name``)"
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
@@ -21336,108 +21336,35 @@ msgstr ""
 "детаљнију анализу погледајте XML датотеку мета података наведену у "
 "претходном одељку."
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr "Упутства за IdP"
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr "Keycloak"
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
-msgstr ""
-"**Да бисте додали Zammad као клијента,** сачувајте XML конфигурацију на диск "
-"(``https://your.zammad.domain/auth/saml/metadata``) и користите **Clients > "
-"Clients list > Import client* * у Keycloak админ панелу."
+#: ../settings/security/third-party/saml.rst:68
+msgid "Configuration Guides"
+msgstr "Водичи кроз подешавања"
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
-msgstr ""
-"Да бисте помогли Zammad-у да **повеже сопствене корисничке налоге са "
-"Keycloak корисницима**, креирајте мапирање атрибута корисника (или "
-"„property“). У **Clients list** кликните на ваш новокреирани ID клијента, "
-"изаберите језичак **Client scopes** и кликните на линк који се односи на "
-"вашу Zammad инстанцу. Изаберите **Add mapper > By configuration > User "
-"Property** и додајте мапирање са следећим уносима:"
-
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr "**Name**"
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr "**Mapper Type**"
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr "``User Property``"
+msgid "You can find specific configuration guides for:"
+msgstr "Можете пронаћи одговарајуће водиче кроз подешавања за:"
 
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr "**Property**"
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
-msgstr "``emailAddress``"
-
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
-msgstr "**Назив SAML атрибута**"
-
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr "**Формат назива SAML атрибута**"
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr "``basic``"
-
-#: ../settings/security/third-party/saml.rst:89
-msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
-msgstr ""
-"У горњем примеру, кажемо Zammad-у да кад год прими SAML захтев за пријаву, "
-"треба да узме атрибут ``email`` од Keycloak-а, потражи Zammad корисника са "
-"истим атрибутом ``email`` и креира нову сесију за тог корисника."
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
+msgstr ":doc:`Keycloak <./saml/saml-keycloak>`"
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
-msgstr ""
-"Ако су имејл адресе ваших Keycloak корисника ускладиштене у другом атрибуту "
-"(*нпр.* ``username``), прилагодите мапирање у складу са тим."
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
+msgstr ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 
-#: ../settings/security/third-party/saml.rst:98
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
-"Вратите се у **Settings**, унесите Client ID (``https://your.zammad.domain/"
-"auth/saml/metadata``) у поље **Master SAML Processing URL**."
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr "Такође морате да укључите **Sign assertions**."
+"Уколико користите неки други IdP, прилагодите га својим потребама. За опис "
+"поља у Zammad-у, наставите испод."
 
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr "Корак 2: Подесите Zammad"
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
+msgstr "Општа Zammad подешавања"
 
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -21450,11 +21377,11 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr "Пример подешавања SAML део 1"
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr "Назив за приказ"
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
@@ -21462,29 +21389,27 @@ msgstr ""
 "Омогућава вам да одредите прилагођени назив дугмета за SAML. Ово помаже "
 "вашим корисницима да боље разумеју шта ради дугме на страници за пријаву."
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr "Подразумевано је ``SAML``."
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr "IDP SSO URL путања"
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 "Ово је циљна URL адреса на коју ће Zammad преусмерити када корисник притисне "
-"SAML дугме. За Keycloak, ово треба да изгледа као https://your.domain/realms/"
-"your-realm/protocol/saml"
+"SAML дугме."
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr "IDP URL путања јединствене одјаве"
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
@@ -21492,11 +21417,11 @@ msgstr ""
 "Ово је URL путања на коју треба преусмерити захтеве и одговоре за "
 "јединствену одјаву."
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr "IDP сертификат"
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
@@ -21504,11 +21429,11 @@ msgstr ""
 "Јавни сертификат вашег IDP-а који Zammad треба да провери током фазе "
 "повратног позива."
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr "IDP отисак сертификата"
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
@@ -21516,11 +21441,11 @@ msgstr ""
 "Отисак вашег јавног IDP сертификата за верификацију током фазе повратног "
 "позива."
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr "🔏 **За IdP сертификат / отисак сертификата:**"
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -21532,7 +21457,7 @@ msgstr ""
 "SHA-1 алгоритам, који је већ неко време покварен <https://www.schneier.com/"
 "blog/archives/2005/02/sha1_broken.html>`_.)"
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
@@ -21541,11 +21466,11 @@ msgstr ""
 "административном панелу под **Realm Settings > Keys > Algorithm: RS256 > "
 "Certificate**."
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr "Формат идентификатора назива"
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
@@ -21553,15 +21478,15 @@ msgstr ""
 "Ово је типа идентификатора јединствених поља. Обично би требало да буде "
 "``urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress``."
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr "Zammad **очекује имејл адресу као јединствени идентификатор**!"
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr "Назив UID атрибута"
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -21573,7 +21498,7 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr "Пример подешавања SAML део 2"
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
@@ -21581,20 +21506,20 @@ msgstr ""
 "Одређује да ли ће сертификат за конекцију до IdP сервиса бити проверен или "
 "не (подразумевано: ``да``)."
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr "Потписивање и шифровање"
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr "Одређује да ли желите потписивање и шифровање захтева."
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr "Сертификат (PEM)"
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
@@ -21602,27 +21527,27 @@ msgstr ""
 "Налепите јавни сертификат вашег Zammad SAML клијента, уколико желите "
 "шифровање захтева."
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr "Уверите се да је сертификат:"
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr "већ важећи и није још истекао"
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr "није CA сертификат"
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr "важећи за потписивање и шифровање"
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr "Тајни кључ (PEM)"
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
@@ -21630,23 +21555,23 @@ msgstr ""
 "Налепите тајни кључ вашег Zammad SAML клијента, уколико желите потписивање "
 "захтева."
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr "Уверите се да је тајни кључ RSA дужине од најмање 2048 бита."
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr "Лозинка тајног кључа"
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr "Уколико је ваш тајни кључ обезбеђен лозинком, можете је унети овде."
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr "Ваш URL повратног позива"
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
@@ -21654,7 +21579,7 @@ msgstr ""
 "Ова URL адреса је потребна за вашу IDP конфигурацију како би знала где да "
 "преусмери корисника након успешне аутентификације."
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
@@ -21664,7 +21589,7 @@ msgstr ""
 "достављене кључеве/сертификате (нпр. да ли су важећи за потписивање/"
 "шифровање и да нису истекли."
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
@@ -21672,17 +21597,317 @@ msgstr ""
 "Погледајте :ref:`аутоматско повезивање налога <automatic-account-linking>` "
 "за детаље о томе како да повежете постојеће Zammad налоге са IdP налозима."
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr "Аутоматско повезивање налога не функционише"
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 "Да ли сте још једном проверили подешавање мапирања корисничких атрибута "
 "вашег IdP-а?"
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr "SAML са Keycloak-ом"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr "Корак 1. Keycloak подешавања"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+"**Да бисте додали Zammad као клијента,** сачувајте XML конфигурацију на диск "
+"(``https://your.zammad.domain/auth/saml/metadata``) и користите **Clients > "
+"Clients list > Import client* * у Keycloak админ панелу."
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+"Да бисте помогли Zammad-у да **повеже сопствене корисничке налоге са "
+"Keycloak корисницима**, креирајте мапирање атрибута корисника (или "
+"„property“). У **Clients list** кликните на ваш новокреирани ID клијента, "
+"изаберите језичак **Client scopes** и кликните на линк који се односи на "
+"вашу Zammad инстанцу. Изаберите **Add mapper > By configuration > User "
+"Property** и додајте мапирање са следећим уносима:"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr "**Name**"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr "**Mapper Type**"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr "``User Property``"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr "**Property**"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr "``emailAddress``"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr "**Назив SAML атрибута**"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr "**Формат назива SAML атрибута**"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr "``basic``"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+"У горњем примеру, кажемо Zammad-у да кад год прими SAML захтев за пријаву, "
+"треба да узме атрибут ``email`` од Keycloak-а, потражи Zammad корисника са "
+"истим атрибутом ``email`` и креира нову сесију за тог корисника."
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+"Ако су имејл адресе ваших Keycloak корисника ускладиштене у другом атрибуту "
+"(*нпр.* ``username``), прилагодите мапирање у складу са тим."
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+"Вратите се у **Settings**, унесите Client ID (``https://your.zammad.domain/"
+"auth/saml/metadata``) у поље **Master SAML Processing URL**."
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr "Такође морате да укључите **Sign assertions**."
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr "2. Подесите Zammad"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr "Пријавите се у Zammad као администратор"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+"Идите у администраторском панелу на „Подешавања” > „Безбедност” > „"
+"Апликације трећег лица” > „Аутентификација путем SAML”"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr "Обезбедите следеће информације:"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+"SAML IdP URL пријаве: ``https://your.domain/realms/your-realm/protocol/saml``"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+"SAML IdP URL одјаве: ``https://your.domain/realms/your-realm/protocol/saml``"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+"Формат идентификатора назива: ``urn:oasis:names:tc:SAML:1.1:nameid-"
+"format:emailAddress``"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr "SAML IdP сертификат: отпремите претходно преузет Base64 сертификат."
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr "Сачувајте подешавања"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr "Погледајте :ref:`saml-zammad` за опис појединалних поља у Zammad-у."
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr "SAML са Microsoft 365"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr "1. Региструјте Zammad као апликацију у Microsoft Entra ID"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+"Пијавите се у Microsoft Entra администраторски панел са одговарајућим "
+"дозволама"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr "Идите на „Identity” > „Applications” > „Enterprise Applications”"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr "Кликните на „New Application” и одаберите „Create your own application”"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr "Унесите назив апликације, нпр. „Zammad SAML Integration”"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+"Одаберите „Integrate any other application you don't find in the gallery”, "
+"па кликните на „Create”"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr "2. Подесите SAML јединствену пријаву (SSO)"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr "Након креирања апликације, идите на преглед"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr "Одаберите „Single sign-on” из менија са леве стране"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr "Одаберите „SAML” као метод пријаве"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr "У одељку „Basic SAML Configuration”, кликните на „Edit”:"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+"Идентификатор (Entity ID): искористите Zammad-ov Entity ID, који моћете "
+"пронаћи на ``https://your.zammad.domain/auth/saml/metadata``"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+"URL адреса одговора (Assertion Consumer Service URL): поставите на "
+"``https://your.zammad.domain/auth/saml/callback``"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr "Сачувајте подешавања"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr "3. Подесите мапирање корисничких атрибута и захтева"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+"У одељку „Attributes & Claims”, кликните на „Edit”. Подразумевано, неки "
+"захтеви као „User Principal Name”, „Email Address”, „First Name” и „Last "
+"Name” су већ подешени."
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+"Снимак екрана који приказује „Attribute & Claims” подешавања у Entra "
+"администраторском панелу"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr "4. Преузмите SAML сертификат"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr "У одељку „SAML Signing Certificate”, преузмите „Certificate (Base64)”:"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr "Снимак екрана који приказује већ наглашен извоз сертификата"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr "5. Подесите Zammad"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+"IDP SSO URL путања: URL пријаве из Microsoft Entra администраторског панела."
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+"IDP Single Logout URL путања: URL одјаве из Microsoft Entra "
+"администраторског панела."
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr "6. Доделите кориснике"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+"У Microsoft Entra ID, доделите одговрајуће кориснике Zammad апликацији и "
+"доделите им приступ."
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
@@ -31846,6 +32071,23 @@ msgstr "Верзија"
 msgid "Shows which version is currently being used on your Zammad-instance."
 msgstr "Приказује која верзија се користи тренутно на вашој Zammad инстанци."
 
+#~ msgid ""
+#~ "Connect your SAML (Security Assertion Markup Language) identity provider "
+#~ "as a single sign-on (SSO) method."
+#~ msgstr ""
+#~ "Повежите свог SAML (Security Assertion Markup Language) сервис провајдера "
+#~ "као метод јединствене пријаве (SSO)."
+
+#~ msgid ""
+#~ "Please note: Our instructions are based on connecting Zammad with "
+#~ "Keycloak."
+#~ msgstr ""
+#~ "Обратите пажњу: наша упутства су базирана на повезивању Zammad-а са "
+#~ "Keycloak-ом."
+
+#~ msgid "Per-IdP Instructions"
+#~ msgstr "Упутства за IdP"
+
 #~ msgid ""
 #~ "Disabling this flag is a soft alternative to deleting a user. So what's "
 #~ "the difference?"
diff --git a/locale/sv/LC_MESSAGES/admin-docs.po b/locale/sv/LC_MESSAGES/admin-docs.po
index 28edfe6b..bc801cc0 100644
--- a/locale/sv/LC_MESSAGES/admin-docs.po
+++ b/locale/sv/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2024-10-25 11:00+0000\n"
 "Last-Translator: chrand818 <can@telenabler.com>\n"
 "Language-Team: Swedish <https://translations.zammad.org/projects/"
@@ -27,6 +27,7 @@ msgstr "Chat"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr "Introduktion"
@@ -511,7 +512,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -776,7 +777,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4034,8 +4035,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17858,188 +17859,135 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
+#: ../settings/security/third-party/saml.rst:23
+#, fuzzy
+#| msgid "Configuration"
+msgid "Basic Configuration"
+msgstr "Konfiguration"
+
+#: ../settings/security/third-party/saml.rst:25
 msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:68
+#, fuzzy
+#| msgid "Configuration"
+msgid "Configuration Guides"
+msgstr "Konfiguration"
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
-msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:95
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
+#: ../settings/security/third-party/saml.rst:88
+#, fuzzy
+#| msgid "Configuration"
+msgid "General Zammad Configuration"
+msgstr "Konfiguration"
 
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18049,66 +17997,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18116,31 +18063,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18150,101 +18097,367 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+#, fuzzy
+#| msgid "Configuration"
+msgid "Step 1: Keycloak Configuration"
+msgstr "Konfiguration"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+#, fuzzy
+#| msgid "Settings"
+msgid "Save the settings"
+msgstr "Inställningar"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+#, fuzzy
+#| msgid "Configuration"
+msgid "Save the configuration"
+msgstr "Konfiguration"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/th/LC_MESSAGES/admin-docs.po b/locale/th/LC_MESSAGES/admin-docs.po
index 92775386..65f9758d 100644
--- a/locale/th/LC_MESSAGES/admin-docs.po
+++ b/locale/th/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
@@ -23,6 +23,7 @@ msgstr ""
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr ""
@@ -505,7 +506,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -770,7 +771,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4027,8 +4028,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17847,188 +17848,129 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
-msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+#: ../settings/security/third-party/saml.rst:23
+msgid "Basic Configuration"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+msgid ""
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
+msgstr ""
+
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
+#: ../settings/security/third-party/saml.rst:68
+msgid "Configuration Guides"
 msgstr ""
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
-msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18038,66 +17980,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18105,31 +18046,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18139,101 +18080,361 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "
diff --git a/locale/tr/LC_MESSAGES/admin-docs.po b/locale/tr/LC_MESSAGES/admin-docs.po
index e4484f0f..d0c39b02 100644
--- a/locale/tr/LC_MESSAGES/admin-docs.po
+++ b/locale/tr/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2024-09-27 17:00+0000\n"
 "Last-Translator: Rob <robertborge@outlook.com>\n"
 "Language-Team: Turkish <https://translations.zammad.org/projects/"
@@ -26,6 +26,7 @@ msgstr "Sohbet"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 #, fuzzy
 msgid "Introduction"
@@ -592,7 +593,7 @@ msgstr "SSL / STARTTLS"
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 #, fuzzy
 msgid "SSL verification"
@@ -864,7 +865,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4340,8 +4341,8 @@ msgid "OpenId permissions"
 msgstr "OpenId izinleri"
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr "``e-posta``"
 
@@ -18962,190 +18963,136 @@ msgstr ""
 msgid "SAML"
 msgstr "SAML"
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
-msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:23
+#, fuzzy
+msgid "Basic Configuration"
+msgstr "Yapılandırma"
 
 #: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+msgid ""
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:29
+#, fuzzy
+#| msgid "Config"
+msgid "Configure Your IdP"
+msgstr "Yapılandırma"
+
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr "E-posta adresi (``email``)"
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr "Tam isim (``name``)"
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr "Verilen isim (``first_name``)"
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr "Aile ismi (``last_name``)"
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:68
+#, fuzzy
+#| msgid "Configuration"
+msgid "Configuration Guides"
+msgstr "Yapılandırma"
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
-msgstr "**Adı**"
-
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:81
+#: ../settings/security/third-party/saml.rst:73
 #, fuzzy
-msgid "``User Property``"
-msgstr "``User-Agent``"
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-#, fuzzy
-msgid "``emailAddress``"
-msgstr "epostaAdresi"
-
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
-msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
-msgstr ""
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
+msgstr ":doc:`Kanallar > E-posta </channels/email/index>`"
 
-#: ../settings/security/third-party/saml.rst:98
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
-msgstr ""
+#: ../settings/security/third-party/saml.rst:88
+#, fuzzy
+msgid "General Zammad Configuration"
+msgstr "Yapılandırma"
 
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -19156,69 +19103,68 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr "Makale > Görünürlük"
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 #, fuzzy
 msgid "Display name"
 msgstr "Görünen Ad"
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 #, fuzzy
 msgid "IDP certificate"
 msgstr "Sertifika Ekle"
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 #, fuzzy
 msgid "IDP certificate fingerprint"
 msgstr "Sertifika Ekle"
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -19226,32 +19172,32 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 #, fuzzy
 msgid "UID attribute name"
 msgstr "Bilet Nitelikleri"
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -19262,109 +19208,386 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr "Makale > Görünürlük"
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 #, fuzzy
 msgid "Signing & Encrypting"
 msgstr "Şifreleme"
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 #, fuzzy
 msgid "Certificate (PEM)"
 msgstr "Sertifika Ekle"
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 #, fuzzy
 msgid "Make sure the certificate is:"
 msgstr "Alıcının sertifikasının geçerli olduğundan emin misiniz?"
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 #, fuzzy
 msgid "no CA certificate"
 msgstr "Sertifika Ekle"
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 #, fuzzy
 msgid "valid for signing and encrypting"
 msgstr "Şifreleme"
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 #, fuzzy
 msgid "Private key (PEM)"
 msgstr "Özel Anahtar Ekle"
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 #, fuzzy
 msgid "Private key secret"
 msgstr "Kişisel hesaplar"
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 #, fuzzy
 msgid "Automatic account linking doesn't work"
 msgstr "Otomatik hesap bağlantısı çalışmıyor"
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+#, fuzzy
+msgid "Step 1: Keycloak Configuration"
+msgstr "Yapılandırma"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr "**Adı**"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+#, fuzzy
+msgid "``User Property``"
+msgstr "``User-Agent``"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+#, fuzzy
+msgid "``emailAddress``"
+msgstr "epostaAdresi"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+#, fuzzy
+#| msgid "Configure Zammad as GitHub app"
+msgid "2. Configure Zammad"
+msgstr "Zammad'ı GitHub uygulaması olarak yapılandır"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+#, fuzzy
+#| msgid "Zammad - Documentation for administrators"
+msgid "Log in to Zammad as an administrator"
+msgstr "Zammad - Yöneticiler için dokümantasyon"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+#, fuzzy
+msgid "Provide the following information:"
+msgstr "Bu bölümde şu anda aşağıdaki entegrasyonlar eksik:"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+#, fuzzy
+msgid "Save the settings"
+msgstr "Ayarlar"
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+#, fuzzy
+#| msgid "Microsoft 365"
+msgid "SAML with Microsoft 365"
+msgstr "Microsoft 365"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+#, fuzzy
+msgid "Save the configuration"
+msgstr "Yapılandırma"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+#, fuzzy
+msgid "4. Download the SAML Certificate"
+msgstr "Sertifika Ekle"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+#, fuzzy
+#| msgid "Screenshot showing basic email account setup inbound"
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr "Gelen temel e-posta hesabı kurulumunu gösteren ekran görüntüsü"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+#, fuzzy
+#| msgid "Configure Zammad as GitHub app"
+msgid "5. Configure Zammad"
+msgstr "Zammad'ı GitHub uygulaması olarak yapılandır"
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 #, fuzzy
 msgid ""
@@ -28465,9 +28688,6 @@ msgstr "Zammad örneğinizde şu anda hangi versiyonun kullanıldığını göst
 #~ msgid "Ordering objects"
 #~ msgstr "Nesneler"
 
-#~ msgid "Zammad - Documentation for administrators"
-#~ msgstr "Zammad - Yöneticiler için dokümantasyon"
-
 #~ msgid "`System > API <https://docs.zammad.org/en/latest/api-intro.html>`_"
 #~ msgstr "`Sistem > API <https://docs.zammad.org/en/latest/api-intro.html>`_"
 
diff --git a/locale/zh_Hans/LC_MESSAGES/admin-docs.po b/locale/zh_Hans/LC_MESSAGES/admin-docs.po
index 7304fff3..e9c3dec3 100644
--- a/locale/zh_Hans/LC_MESSAGES/admin-docs.po
+++ b/locale/zh_Hans/LC_MESSAGES/admin-docs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Zammad\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-14 11:32+0100\n"
+"POT-Creation-Date: 2024-11-29 15:26+0100\n"
 "PO-Revision-Date: 2023-08-14 12:18+0000\n"
 "Last-Translator: chen <chenchen@4chian.com>\n"
 "Language-Team: Chinese (Simplified) <https://translations.zammad.org/"
@@ -26,6 +26,7 @@ msgstr "对话"
 #: ../channels/chat.rst:5 ../channels/facebook.rst:5
 #: ../misc/object-conditions/basics.rst:5
 #: ../settings/security/ssl-certificates.rst:5
+#: ../settings/security/third-party/saml.rst:5
 #: ../system/integrations/pgp/index.rst:5 ../system/objects/permissions.rst:5
 msgid "Introduction"
 msgstr ""
@@ -581,7 +582,7 @@ msgstr ""
 
 #: ../channels/email/accounts/account-setup.rst:141
 #: ../channels/email/accounts/account-setup.rst:264
-#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:166
+#: ../manage/webhook/add.rst:72 ../settings/security/third-party/saml.rst:149
 #: ../system/integrations/i-doit.rst:74
 msgid "SSL verification"
 msgstr ""
@@ -847,7 +848,7 @@ msgstr ""
 #: ../channels/email/accounts/account-setup.rst:288
 #: ../channels/google/basic-setup.rst:231
 #: ../channels/microsoft365/accounts/account-setup.rst:170
-#: ../settings/security/third-party/saml.rst:203
+#: ../settings/security/third-party/saml.rst:186
 #: ../system/integrations/cti/includes/troubleshooting.include.rst:2
 #: ../system/integrations/github.rst:53 ../system/integrations/gitlab.rst:46
 #: ../system/integrations/pgp/index.rst:112
@@ -4116,8 +4117,8 @@ msgid "OpenId permissions"
 msgstr ""
 
 #: ../channels/microsoft365/accounts/register-app.rst:87
-#: ../settings/security/third-party/saml.rst:79
-#: ../settings/security/third-party/saml.rst:85
+#: ../settings/security/third-party/saml/saml-keycloak.rst:23
+#: ../settings/security/third-party/saml/saml-keycloak.rst:29
 msgid "``email``"
 msgstr ""
 
@@ -17966,188 +17967,133 @@ msgstr ""
 msgid "SAML"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:4
-msgid ""
-"Connect your SAML (Security Assertion Markup Language) identity provider as "
-"a single sign-on (SSO) method."
-msgstr ""
-
 #: ../settings/security/third-party/saml.rst:7
 msgid ""
-"SAML is an open standard for SSO authentication (among other things). Sign-"
-"ins are shared across multiple **service providers** and managed by a "
-"central **identity provider** (IdP)."
+"Connect your SAML (Security Assertion Markup Language) identity provider as "
+"a single sign-on (SSO) method. SAML is an open standard for SSO "
+"authentication (among other things). Sign-ins are shared across multiple "
+"**service providers** and managed by a central **identity provider** (IdP)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:11
+#: ../settings/security/third-party/saml.rst:12
 msgid ""
 "In this case, the service provider is Zammad, and the IdP is a software "
-"service that you either host or subscribe to (*e.g.,* `Keycloak <https://www."
+"service that you either host or subscribe to (e.g. `Keycloak <https://www."
 "keycloak.org/>`_, `Redhat SSO Server <https://access.redhat.com/products/red-"
 "hat-single-sign-on>`_, `ADFS <https://docs.microsoft.com/en-us/windows-"
 "server/identity/active-directory-federation-services>`_, or `Okta <https://"
 "www.okta.com/>`_)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:18
+#: ../settings/security/third-party/saml.rst:19
 msgid ""
-"This guide assumes you are already using SAML within your organization (i."
-"e., that your IdP is fully set up)."
+"This guide assumes you are already using SAML within your organization (i.e. "
+"that your IdP is fully set up)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:21
+#: ../settings/security/third-party/saml.rst:23
+#, fuzzy
+#| msgid "Configuration of the Chat widget"
+msgid "Basic Configuration"
+msgstr "聊天小部件的配置"
+
+#: ../settings/security/third-party/saml.rst:25
 msgid ""
-"Please note: Our instructions are based on connecting Zammad with Keycloak."
+"This section describes the setup of an IdP in a general way. See :ref:`saml-"
+"guides` for setup guides for Keycloak and Microsoft SAML."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:25
-msgid "Step 1: Configure Your IdP"
+#: ../settings/security/third-party/saml.rst:29
+msgid "Configure Your IdP"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:28
+#: ../settings/security/third-party/saml.rst:32
 msgid "Add Zammad as a Client/App"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:30
+#: ../settings/security/third-party/saml.rst:34
 msgid ""
 "Import Zammad into your IdP using the XML configuration found at ``https://"
 "your.zammad.domain/auth/saml/metadata``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:33
+#: ../settings/security/third-party/saml.rst:37
 msgid ""
 "If your IdP doesn't support XML import, you will have to configure Zammad as "
 "a new client/app manually using the above XML metadata file for reference."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:36
+#: ../settings/security/third-party/saml.rst:40
 msgid "For instance, when you see this tag:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:42
+#: ../settings/security/third-party/saml.rst:46
 msgid ""
 "Set the **Assertion Consumer Service Binding URL** (sometimes also listed as "
 "**Valid Redirect URIs**) to ``http://your.zammad.domain/auth/saml/callback``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:47
+#: ../settings/security/third-party/saml.rst:51
 msgid "Set Up User Attribute Mapping"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:49
+#: ../settings/security/third-party/saml.rst:53
 msgid ""
 "Zammad requests the following user attributes (or “properties”) from the IdP:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:51
+#: ../settings/security/third-party/saml.rst:55
 msgid "Email address (``email``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:52
+#: ../settings/security/third-party/saml.rst:56
 msgid "Full name (``name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:53
+#: ../settings/security/third-party/saml.rst:57
 msgid "Given name (``first_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:54
+#: ../settings/security/third-party/saml.rst:58
 msgid "Family name (``last_name``)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:56
+#: ../settings/security/third-party/saml.rst:60
 msgid ""
 "You may need to set up “mappers” (or “mappings”) to tell your IdP how user "
 "attributes in SAML correspond to those in Zammad. For a more detailed "
 "breakdown, refer to the XML metadata file referenced in the previous section."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:62
-msgid "Per-IdP Instructions"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:102
-msgid "Keycloak"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:65
-msgid ""
-"**To add Zammad as a client,** save the XML configuration to disk (``https://"
-"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
-"Import client** in the Keycloak admin panel."
-msgstr ""
+#: ../settings/security/third-party/saml.rst:68
+#, fuzzy
+#| msgid "Configuration of the Chat widget"
+msgid "Configuration Guides"
+msgstr "聊天小部件的配置"
 
 #: ../settings/security/third-party/saml.rst:70
-msgid ""
-"To help Zammad **match its own user accounts to Keycloak users**, create a "
-"user attribute (or “property”) mapper. In **Clients list**, click on your "
-"newly created Client ID, choose the tab **Client scopes** and click on the "
-"link which refers to your Zammad instance. Choose **Add mapper > By "
-"configuration > User Property** and create a mapper with the following "
-"entries:"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:78
-msgid "**Name**"
+msgid "You can find specific configuration guides for:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:80
-msgid "**Mapper Type**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:81
-msgid "``User Property``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:82
-msgid "**Property**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:83
-msgid "``emailAddress``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:84
-msgid "**SAML Attribute Name**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:86
-msgid "**SAML Attribute NameFormat**"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:87
-msgid "``basic``"
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:89
-msgid ""
-"In the example above, we're telling Zammad that whenever it receives a SAML "
-"login request, it should take the ``email`` property from Keycloak, look for "
-"a Zammad user with the same ``email`` attribute, and create a new session "
-"for that user."
+#: ../settings/security/third-party/saml.rst:72
+msgid ":doc:`Keycloak <./saml/saml-keycloak>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:95
-msgid ""
-"If your Keycloak users' email addresses are stored on another property (*e."
-"g.,* ``username``), adjust accordingly."
+#: ../settings/security/third-party/saml.rst:73
+msgid ":doc:`Microsoft SAML <./saml/saml-microsoft>`"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:98
+#: ../settings/security/third-party/saml.rst:75
 msgid ""
-"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
-"saml/metadata``) in the field **Master SAML Processing URL**."
+"If your are using another IdP, adapt it to your needs. For a description of "
+"the fields in Zammad, read on below."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:101
-msgid "You also need to enable **Sign assertions**."
-msgstr ""
-
-#: ../settings/security/third-party/saml.rst:105
-msgid "Step 2: Configure Zammad"
+#: ../settings/security/third-party/saml.rst:88
+msgid "General Zammad Configuration"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:107
+#: ../settings/security/third-party/saml.rst:90
 msgid ""
 "Enable SAML and enter your IdP's details in the Admin Panel under **Settings "
 "> Security > Third Party Applications > Authentication via SAML**:"
@@ -18157,66 +18103,65 @@ msgstr ""
 msgid "Example configuration of SAML part 1"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Display name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:116
+#: ../settings/security/third-party/saml.rst:99
 msgid ""
 "Allows you to define a custom button name for SAML. This helps your users to "
 "understand better what the button on the login page does."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:119
+#: ../settings/security/third-party/saml.rst:102
 msgid "Defaults to ``SAML``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:123
+#: ../settings/security/third-party/saml.rst:106
 msgid "IDP SSO target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:122
+#: ../settings/security/third-party/saml.rst:105
 msgid ""
 "This is the target URL Zammad shall redirect to when the user presses the "
-"SAML button. For Keycloak, this needs to look like https://your.domain/"
-"realms/your-realm/protocol/saml"
+"SAML button."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:127
+#: ../settings/security/third-party/saml.rst:110
 msgid "IDP single logout target URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:126
+#: ../settings/security/third-party/saml.rst:109
 msgid ""
 "This is the URL to which the single logout request and response should be "
 "sent."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:131
+#: ../settings/security/third-party/saml.rst:114
 msgid "IDP certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:130
+#: ../settings/security/third-party/saml.rst:113
 msgid ""
 "The public certificate of your IDP for Zammad to verify during the callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:145
+#: ../settings/security/third-party/saml.rst:128
 msgid "IDP certificate fingerprint"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:134
+#: ../settings/security/third-party/saml.rst:117
 msgid ""
 "The fingerprint of your IDPs public certificate to verify during callback "
 "phase."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:137
+#: ../settings/security/third-party/saml.rst:120
 msgid "🔏 **For the IdP certificate / certificate fingerprint:**"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:139
+#: ../settings/security/third-party/saml.rst:122
 msgid ""
 "Provide **only one or the other**—do not provide both! (Between the two, we "
 "recommend the signing certificate itself: fingerprints use SHA-1, which `has "
@@ -18224,31 +18169,31 @@ msgid ""
 "sha1_broken.html>`_.)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:144
+#: ../settings/security/third-party/saml.rst:127
 msgid ""
 "**Keycloak users:** Find your certificate in the Keycloak admin panel under "
 "**Realm Settings > Keys > Algorithm: RS256 > Certificate**."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Name identifier format"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:148
+#: ../settings/security/third-party/saml.rst:131
 msgid ""
 "This is the unique identifiers field type. Usually it should be ``urn:oasis:"
 "names:tc:SAML:1.1:nameid-format:emailAddress``."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:151
+#: ../settings/security/third-party/saml.rst:134
 msgid "Zammad **expects an email address as unique identifier**!"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:155
+#: ../settings/security/third-party/saml.rst:138
 msgid "UID attribute name"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:154
+#: ../settings/security/third-party/saml.rst:137
 msgid ""
 "Here you can define an attribute that uniquely identifies the user. If "
 "unset, the name identifier returned by the IDP is used."
@@ -18258,101 +18203,361 @@ msgstr ""
 msgid "Example configuration of SAML part 2"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:163
+#: ../settings/security/third-party/saml.rst:146
 msgid ""
 "Decide if the certificate for the connection to the IdP service has to be "
 "verified or not (default: ``yes``)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid "Signing & Encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:169
+#: ../settings/security/third-party/saml.rst:152
 msgid ""
 "Define if you want to sign, encrypt, do both or nothing for the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "Certificate (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:172
+#: ../settings/security/third-party/saml.rst:155
 msgid ""
 "Paste the public certificate of your Zammad SAML client, if you want to "
 "encrypt the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:175
+#: ../settings/security/third-party/saml.rst:158
 msgid "Make sure the certificate is:"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:177
+#: ../settings/security/third-party/saml.rst:160
 msgid "already valid and not yet expired"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:178
+#: ../settings/security/third-party/saml.rst:161
 msgid "no CA certificate"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:179
+#: ../settings/security/third-party/saml.rst:162
 msgid "valid for signing and encrypting"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Private key (PEM)"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:182
+#: ../settings/security/third-party/saml.rst:165
 msgid ""
 "Paste the private key of your Zammad SAML client here, if you want to sign "
 "the requests."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:185
+#: ../settings/security/third-party/saml.rst:168
 msgid "Make sure the key is an RSA key with a length of at least 2048 bits."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "Private key secret"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:188
+#: ../settings/security/third-party/saml.rst:171
 msgid "If your private key is secured with a secret, you can provide it here."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:192
+#: ../settings/security/third-party/saml.rst:175
 msgid "Your callback URL"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:191
+#: ../settings/security/third-party/saml.rst:174
 msgid ""
 "This URL is needed for your IdP configuration so it knows where to redirect "
 "to after successful authentication."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:194
+#: ../settings/security/third-party/saml.rst:177
 msgid ""
 "After saving your input by clicking on the \"Submit\" button, Zammad "
 "verifies the provided keys/certificates (e.g. if they are valid for signing/"
 "encrypting and if they aren't expired)."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:199
+#: ../settings/security/third-party/saml.rst:182
 msgid ""
 "See :ref:`automatic account linking <automatic-account-linking>` for details "
 "on how to link existing Zammad accounts to IdP accounts."
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:205
+#: ../settings/security/third-party/saml.rst:188
 msgid "Automatic account linking doesn't work"
 msgstr ""
 
-#: ../settings/security/third-party/saml.rst:206
+#: ../settings/security/third-party/saml.rst:189
 msgid ""
 "Have you double-checked your IdP's user attribute mapping configuration?"
 msgstr ""
 
+#: ../settings/security/third-party/saml/saml-keycloak.rst:2
+msgid "SAML with Keycloak"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:5
+msgid "Step 1: Keycloak Configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:7
+msgid ""
+"**To add Zammad as a client,** save the XML configuration to disk (``https://"
+"your.zammad.domain/auth/saml/metadata``) and use **Clients > Clients list > "
+"Import client** in the Keycloak admin panel."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:13
+msgid ""
+"To help Zammad **match its own user accounts to Keycloak users**, create a "
+"user attribute (or “property”) mapper. In **Clients list**, click on your "
+"newly created Client ID, choose the tab **Client scopes** and click on the "
+"link which refers to your Zammad instance. Choose **Add mapper > By "
+"configuration > User Property** and create a mapper with the following "
+"entries:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:22
+msgid "**Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:24
+msgid "**Mapper Type**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:25
+msgid "``User Property``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:26
+msgid "**Property**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:27
+msgid "``emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:28
+msgid "**SAML Attribute Name**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:30
+msgid "**SAML Attribute NameFormat**"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:31
+msgid "``basic``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:33
+msgid ""
+"In the example above, we're telling Zammad that whenever it receives a SAML "
+"login request, it should take the ``email`` property from Keycloak, look for "
+"a Zammad user with the same ``email`` attribute, and create a new session "
+"for that user."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:39
+msgid ""
+"If your Keycloak users' email addresses are stored on another property (*e."
+"g.,* ``username``), adjust accordingly."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:42
+msgid ""
+"Back in **Settings**, enter the Client ID (``https://your.zammad.domain/auth/"
+"saml/metadata``) in the field **Master SAML Processing URL**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:46
+msgid "You also need to enable **Sign assertions**."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:49
+msgid "2. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:51
+#: ../settings/security/third-party/saml/saml-microsoft.rst:53
+msgid "Log in to Zammad as an administrator"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:52
+#: ../settings/security/third-party/saml/saml-microsoft.rst:54
+msgid ""
+"In the admin panel go to \"Settings\" > \"Security\" > \"Third-party "
+"Applications\" > \"Authentication via SAML\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:54
+#: ../settings/security/third-party/saml/saml-microsoft.rst:56
+msgid "Provide the following information:"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:56
+msgid ""
+"SAML IdP Login URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:57
+msgid ""
+"SAML IdP Logout URL: ``https://your.domain/realms/your-realm/protocol/saml``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:59
+#: ../settings/security/third-party/saml/saml-microsoft.rst:61
+msgid ""
+"Name Identifier Format: ``urn:oasis:names:tc:SAML:1.1:nameid-format:"
+"emailAddress``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:60
+#: ../settings/security/third-party/saml/saml-microsoft.rst:62
+msgid ""
+"SAML IdP Certificate: Upload the previously downloaded Base64 certificate."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:61
+#: ../settings/security/third-party/saml/saml-microsoft.rst:63
+msgid "Save the settings"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-keycloak.rst:64
+#: ../settings/security/third-party/saml/saml-microsoft.rst:72
+msgid ""
+"Read on at :ref:`saml-zammad` for a description of the specific fields in "
+"Zammad."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:2
+msgid "SAML with Microsoft 365"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:5
+msgid "1. Register Zammad as an Application in Microsoft Entra ID"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:7
+msgid "Log in to the Microsoft Entra admin center with administrative rights"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:8
+msgid ""
+"Navigate to \"Identity\" > \"Applications\" > \"Enterprise Applications\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:9
+msgid "Click \"New Application\" and select \"Create your own application\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:10
+msgid "Enter a name for the application, e.g. \"Zammad SAML Integration\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:11
+msgid ""
+"Choose \"Integrate any other application you don't find in the gallery\", "
+"then click \"Create\""
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:15
+msgid "2. Configure SAML-based Single Sign-On (SSO)"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:17
+msgid "After the application is created, go to its overview page"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:18
+msgid "Select \"Single sign-on\" from the left-hand menu"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:19
+msgid "Choose \"SAML\" as the sign-on method"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:20
+msgid "In the \"Basic SAML Configuration\" section, click \"Edit\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:22
+msgid ""
+"Identifier (Entity ID): Use Zammad's Entity ID, which can be found at "
+"``https://your.zammad.domain/auth/saml/metadata``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:24
+msgid ""
+"Reply URL (Assertion Consumer Service URL): Set it to ``https://your.zammad."
+"domain/auth/saml/callback``"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:27
+msgid "Save the configuration"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:30
+msgid "3. Configure User Attributes and Claims Mapping"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:32
+msgid ""
+"In the \"Attributes & Claims\" section, click \"Edit\". By default, some "
+"claims like User Principal Name, Email Address, First Name, and Last Name "
+"are already configured."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid ""
+"Screenshots showing \"Attribute & Claims\" configuration in Entra admin "
+"center"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:41
+msgid "4. Download the SAML Certificate"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:43
+msgid ""
+"In the \"SAML Signing Certificate\" section, download the \"Certificate "
+"(Base64)\":"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:None
+msgid "Screenshot showing the highlighted certificate export already"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:51
+msgid "5. Configure Zammad"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:58
+msgid ""
+"IDP SSO target URL: The Login URL from the Microsoft Entra Admin Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:59
+msgid ""
+"IDP single logout target URL: The Logout URL from the Microsoft Entra Admin "
+"Center."
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:66
+msgid "6. Assign Users"
+msgstr ""
+
+#: ../settings/security/third-party/saml/saml-microsoft.rst:68
+msgid ""
+"In Microsoft Entra ID, assign the relevant users to the Zammad application "
+"to grant them access."
+msgstr ""
+
 #: ../settings/security/third-party/twitter.rst:4
 msgid ""
 "It is possible to create a quick login for your helpdesk via Twitter. To do "