In this post, we walk you through integrating an app that uses our Single Sign-On library with Azure Active Directory (Azure AD, not to be confused with the on-premises AD FS). You can also read Microsoft's documentation on adding custom SaaS apps to Azure AD: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps. To see how our library works with ADFS, download our package and look at the ADFS example; the service-provider side of the SAML 2.0 flow is the same.
Please follow the steps below:
1. Log in to the Azure portal as an administrator: https://portal.azure.com/
2. Navigate to Azure Active Directory > Enterprise applications.
Your existing apps are listed here. Click the 'New application' button.
3. Add a non-gallery application
Since our SAML app is not in the application gallery, click the Add button on the right (highlighted below), enter a name for the app (e.g., ServiceProvider) and click Add.
4. Assign a user for testing
Assign at least one test user to the application so that you have an account to sign in with.
5. Configure SSO
Identifier: the SAML Entity ID. It must match your local Service Provider's entity ID exactly; the full URL of the SP site is a good choice. For example, if your SP site is at https://ServiceProvider, use that same value as the Identifier. Azure AD compares it against the Issuer of your SP's AuthnRequest.
Reply URL: your Assertion Consumer Service URL, e.g., https://ServiceProvider/AssertionService. Azure AD will only post the SAML response to a registered Reply URL, so it must match your SP's endpoint exactly, including scheme, host, path and any trailing slash.
6. Map user attributes
The user identifier is the SAML Subject NameID. After assigning a user to your app, you can map user attributes. To return custom attributes in the SAML response, add custom attributes (claims) in this step.
7. Set certificate to sign tokens
In the SAML Signing Certificate section, click 'Create a new certificate'. This is the certificate Azure AD uses to sign the SAML responses and assertions it sends to your SP; it is the identity provider's key, not your SP's certificate. Your SP needs only the public certificate (it is included in the downloaded federation metadata) to verify the signature on incoming assertions, and it must reject assertions that are unsigned or signed with any other key.
8. Download metadata XML
After that, click 'Configure ServiceProvider' to see the values your app needs, including the federation metadata XML. 'ServiceProvider' is the name of your app; if you named it 'MyApp', the link reads 'Configure MyApp'. If you want to generate your own metadata XML instead, see Generating SP Metadata and Constructing Metadata for IdP.
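As an added example (not code from the original page or from our library), the Python script below does the SP side of steps 5 and 8 offline with only the standard library: it builds SP metadata whose entityID and AssertionConsumerService Location are exactly the Identifier and Reply URL typed into Azure AD, reports any mismatch between the two sides, and extracts the signing certificate and single sign-on endpoints from the federation metadata XML downloaded in step 8. The hostnames, the tenant ID and the certificate body are constructed placeholders.

```python
"""Added example (not the library's own code): build SP metadata matching the
Azure AD Identifier / Reply URL, and read the IdP signing certificate and SSO
endpoints out of the downloaded federation metadata. All hosts, the tenant ID
and the certificate body are constructed placeholders."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():  # serialise with the conventional prefixes
    ET.register_namespace(_prefix, _uri)


def build_sp_metadata(entity_id: str, acs_url: str) -> str:
    """Return SP metadata: entityID is the Azure AD 'Identifier', the
    AssertionConsumerService Location is the 'Reply URL'."""
    root = ET.Element(f"{{{NS['md']}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(root, f"{{{NS['md']}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "WantAssertionsSigned": "true",  # require the IdP signature from step 7
    })
    ET.SubElement(sp, f"{{{NS['md']}}}NameIDFormat").text = (
        "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")
    ET.SubElement(sp, f"{{{NS['md']}}}AssertionConsumerService", {
        "Binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "Location": acs_url, "index": "0", "isDefault": "true",
    })
    return ET.tostring(root, encoding="unicode")


def check_against_azure(sp_metadata_xml: str, identifier: str, reply_url: str) -> list:
    """List mismatches between the SP metadata and the values entered in the
    Azure AD Identifier and Reply URL fields. The comparison is exact on
    purpose: a trailing slash or a different scheme is a mismatch."""
    root = ET.fromstring(sp_metadata_xml)
    problems = []
    if root.get("entityID") != identifier:
        problems.append(f"Identifier {identifier!r} != entityID {root.get('entityID')!r}")
    acs = [a.get("Location") for a in
           root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    if reply_url not in acs:
        problems.append(f"Reply URL {reply_url!r} is not an ACS Location {acs}")
    return problems


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract what the SP needs from Azure AD federation metadata: the IdP
    entityID (expected Issuer), its signing certificate(s) and SSO endpoints."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' is valid for both signing and encryption.
        if kd.get("use") not in (None, "signing"):
            continue
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is not None and cert.text:
            certs.append("".join(cert.text.split()))  # strip line breaks
    if not certs:
        raise ValueError("no signing certificate: assertions could not be verified")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "signing_certs": certs, "sso": sso}


# Constructed stand-in for the federation metadata Azure AD serves for an
# enterprise application; tenant ID and certificate body are placeholders.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_IDP_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>
          MIICplaceholderCertificateBodyNotARealCert==
        </X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    identifier = "https://ServiceProvider"
    reply_url = "https://ServiceProvider/AssertionService"
    sp_xml = build_sp_metadata(identifier, reply_url)
    print(sp_xml)
    print("mismatches:", check_against_azure(sp_xml, identifier, reply_url))
    idp = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print("IdP entityID:", idp["entity_id"])
    print("signing certs:", len(idp["signing_certs"]))
    print("SSO endpoints:", idp["sso"])
```

The mismatch check is exact because Azure AD matches the Issuer of your AuthnRequest against the Identifier and the assertion consumer URL against the registered Reply URLs literally; a stray trailing slash is enough to break sign-in. The certificate pulled from the IdP metadata is what your SP pins for signature verification, and it is worth re-running this extraction whenever the certificate in step 7 is rotated.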