
Microsoft Entra ID (Azure AD) SAML

Microsoft Entra ID (Azure AD) SAML Configuration

This section shows how to register a SAML application in the Microsoft Entra ID (Azure AD) portal. Registering the application gives you the following value, which is needed later for configuration in the Datawiza Cloud Management Console (DCMC):

  • Metadata Url

App registration in Azure

  1. Choose Enterprise Applications from the left sidebar and create a new registration by clicking New registration.
    Click Create your own application, enter a name, select Integrate any other application you don't find in the gallery (Non-gallery), then click Create.

  2. Select Users and Groups, then click Add user/group.
    By default, no one is assigned to this application. Click None Selected and select the users and groups that should have access to log in.
    Click Assign.

  3. In the left-hand navigation under Manage, click Single sign-on. Select SAML on the Select a single sign-on method page.
    You are then taken to the Set up Single Sign-On with SAML page.
    For Basic SAML Configuration, click Edit and configure the following values:

    • Identifier (Entity ID): http://localhost:9772/saml/metadata
    • Reply URL (Assertion Consumer Service URL): http://localhost:9772/saml/acs

    For Attributes & Claims, delete the four default claims: under Additional Claims, click ... next to each row, then Delete, and confirm the action.
    Click + Add new claim at the top of the page and configure the following values:

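    | Name      | Namespace   | Source    | Source attribute       |
    |-----------|-------------|-----------|------------------------|
    | email     | Leave Empty | Attribute | user.userprincipalname |
    | givenName | Leave Empty | Attribute | user.givenname         |
    | surname   | Leave Empty | Attribute | user.surname           |
    | username  | Leave Empty | Attribute | user.displayname       |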

    For groups, click + Add a group claim, select Security groups, and customize the name of the group claim as groups.

  4. Back on the Set up Single Sign-On with SAML page, under SAML Signing Certificate, copy the App Federation Metadata Url. This is the Metadata Url needed for the DCMC configuration.
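
To confirm that the settings from steps 3 and 4 took effect, you can compare an assertion issued for the application against the values on this page. The following Python check is an added example, not Datawiza or Microsoft code; the sample assertion is constructed, the function name check_assertion is hypothetical, and the check assumes the default claims use the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/ namespace.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "http://localhost:9772/saml/metadata"  # Identifier (Entity ID) from step 3
ACS_URL = "http://localhost:9772/saml/acs"         # Reply URL from step 3
EXPECTED_CLAIMS = {"email", "givenName", "surname", "username", "groups"}
# Assumption: the four default claims that step 3 deletes live in this namespace.
DEFAULT_CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed, unsigned sample: "groups" is missing and one default claim was left in.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="http://localhost:9772/saml/acs"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>http://localhost:9772/saml/metadata</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="givenName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="surname"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="username"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Return a list of mismatches between an assertion and the settings on this page."""
    # Configuration check only: the signature is NOT verified here, and the stdlib
    # parser should only be fed assertions you captured yourself.
    root = ET.fromstring(xml_text)
    problems = []
    audiences = {a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text}
    if ENTITY_ID not in audiences:
        problems.append(f"audience {sorted(audiences)} does not include {ENTITY_ID}")
    recipients = {d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)}
    if recipients != {ACS_URL}:
        problems.append(f"recipient {recipients} is not the Reply URL {ACS_URL}")
    names = {a.get("Name", "") for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)}
    for missing in sorted(EXPECTED_CLAIMS - names):
        problems.append(f"missing claim: {missing}")
    for name in sorted(names):
        if name.startswith(DEFAULT_CLAIM_NS):
            problems.append(f"default claim not deleted: {name}")
    return problems

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE):
        print(problem)
```

An empty result means the audience, recipient, and claim names match this page; the groups claim is only present when the signed-in user belongs to at least one security group.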

Summary

We have shown how to register a SAML application in Microsoft Entra ID. Make sure to save the following value for later configuration in DCMC:

  • Metadata Url