
How to use Azure AD as SAML IdP?

I am the developer for a (non-Azure-based) webapp that primarily uses a typical email+password for login. I have some customers that want to use their corporate SSO, so I implemented SAML, which allows them to log on using their Okta credentials.

Now I have a customer that would like to use their Azure AD as an IdP, and I am struggling to figure out how to configure this in Azure. I think that I would like to add an app to Azure's App Gallery, so that my customer can search for it, rather than being forced to create their own "Integrate any other application you don't find in the gallery (Non-gallery)" Enterprise Application. However, I am very new to the Azure ecosystem, and I am struggling to understand the difference between an "Azure Enterprise Application" and an "App Registration," etc. Most of the online guides that I can find seem to target a system administrator that uses Azure AD and would like to add a 3rd-party SAML Application to their account; I am struggling to find anything targeted towards those 3rd-party app developers.

When I navigate to the application that I created in Azure Active Directory > Enterprise applications, the Single Sign On tab tells me that SSO is not available for this application, and to "edit the properties" of my App Registration Experience, without specifying what properties prevent me from using SSO.

[Image: Azure AD Enterprise Application SSO tab]

Could anyone point me in the right direction to registering an application and allowing my customers to use their Azure AD to single-sign-on to my application?

The simplest way to create an IdP in Azure AD is for the customer to go to their Azure Portal and:

Azure Active Directory -> Enterprise applications -> New application -> Create your own application

Call it "Your Company Service Provider" (a suitable name is required). Your non-Azure app will be the Service Provider.

You must give them your SAML metadata or at least your SAML entityID and SAML AttributeConsumerService (ACS) URL. They then put them in the appropriate boxes under Single Sign-on -> Basic SAML Configuration in the Azure app.

They then configure Single Sign-on -> Attributes & Claims in the Azure app to suit your application's requirements. For example, if your application just needs a username, they could configure:

urn:oid:1.3.6.1.4.1.5923.1.1.1.6:eduPersonPrincipalName

to be released in this section.

Once they have created the IdP they would need to send you their SAML IdP metadata, which is available in the App Federation Metadata Url section of SAML Signing Certificate.

Under Properties they need to configure who can login using the app.
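As an added example (not part of the original question or answer), the following Python produces the SP metadata the answer says you must give the customer (your entityID plus ACS URL) and extracts the entityID, HTTP-Redirect SSO endpoint and signing certificate from the IdP federation metadata they send back, failing loudly if either is missing. The tenant GUID, hostnames and certificate in the sample IdP metadata are constructed placeholders, not real tenant data.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

def build_sp_metadata(entity_id: str, acs_url: str) -> str:
    """Minimal SP EntityDescriptor: entityID plus one HTTP-POST ACS endpoint,
    and WantAssertionsSigned so the IdP is told to sign what it sends us."""
    ed = ET.Element(f"{{{MD}}}EntityDescriptor", entityID=entity_id)
    sp = ET.SubElement(ed, f"{{{MD}}}SPSSODescriptor",
                       protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol",
                       WantAssertionsSigned="true")
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService",
                  Binding=POST, Location=acs_url, index="0", isDefault="true")
    return ET.tostring(ed, encoding="unicode")

def parse_idp_metadata(xml_text: str) -> dict:
    """Pull the three things the SP must pin from IdP metadata: the IdP entityID,
    its HTTP-Redirect SSO endpoint, and the X.509 certificate(s) that sign assertions."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = next((s.get("Location") for s in idp.findall(f"{{{MD}}}SingleSignOnService")
                if s.get("Binding") == REDIRECT), None)
    certs = [c.text.strip() for c in idp.findall(
        f"{{{MD}}}KeyDescriptor[@use='signing']/{{{DS}}}KeyInfo/{{{DS}}}X509Data/{{{DS}}}X509Certificate")]
    # The 'use' attribute is optional in the metadata schema; a key without it may sign.
    if not certs:
        certs = [c.text.strip() for c in idp.iter(f"{{{DS}}}X509Certificate")]
    if not sso or not certs:
        raise ValueError("missing SSO endpoint or signing certificate")
    return {"entity_id": root.get("entityID"), "sso_url": sso, "signing_certs": certs}

# Constructed sample in the shape Azure AD publishes; tenant GUID and cert are placeholders.
SAMPLE_IDP_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{DS}"><X509Data><X509Certificate>MIIBfakeCertBase64==</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
    <SingleSignOnService Binding="{POST}" Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
```

Store the parsed signing certificate alongside the customer's tenant record and verify every assertion against it; a metadata refresh should be an explicit, reviewed step, not something the SP does on an unauthenticated fetch.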
