Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Azure - SAML steps completed

...

  1. Create a new enterprise application
  2. Assign corresponding users/groups to the newly created application (this defines the list of users who are allowed to sign in using SSO). Alternatively you can disable the Properties option "Assigment required?" to allow any user to login using SSO.
  3. Configure required settings under the "Single sign-on" tab (make sure to select "SAML" as the sign-on method)
    1. Under the "Basic SAML Configuration" define "Identifier (Entity ID)", "Reply URL (Assertion Consumer Service URL)" and "Sign on URL". 
      1. "Identifier (Entity ID)" corresponds to "Service Provider ID" available in the BMP SSO settings
      2. "Reply URL (Assertion Consumer Service URL)" and "Sign on URL" both correspond to Single Sign-On URL available in the BMP SSO settings.
    2. Under "Attributes & Claims" the "name" attribute should be set to "user.displayname" (by default this is set to "user.userprincipalname").
    3. Acquire "App Federation Metadata Url" which is available under "SAML Certificates" section and copy the URL to BMP SSO settings to the "SAML metadata URL" field.

Microsoft Azure - SSO with OpenID Connect