With SAML single sign-on, Azure AD authenticates the user to the application with the user's Azure AD account and passes the sign-on information to the application over a connection protocol. With SAML-based single sign-on, you can map users to specific application roles based on rules you define in your SAML claims.
Choose SAML-based single sign-on when the application supports it.
SAML-based single sign-on is supported for applications that use any of these protocols:
Configuring for portal
1. Under the App Registration menu of Azure Active Directory, select New Application.
2. Specify a custom name for the application and choose the appropriate supported account type.
4. At this point, a new application is created. Go to the Authentication section in the menu.
Under Redirect URI, specify the URL of the portal, http://portal.contoso.com/signin-azure-ad, and the logout URL if required.
A standard Azure AD configuration only uses the following site settings (with example values):

- Authentication/SAML2/AzureAD/MetadataAddress - https://login.microsoftonline.com/01234567-89ab-cdef-0123-456789abcdef/federationmetadata/2007-06/federationmetadata.xml
- Authentication/SAML2/AzureAD/AuthenticationType - https://sts.windows.net/01234567-89ab-cdef-0123-456789abcdef/
  Use the value of the entityID attribute in the root element of the federation metadata (open the MetadataAddress URL from the site setting above in a browser to read it).
- Authentication/SAML2/AzureAD/ServiceProviderRealm - https://portal.myexample.com/
- Authentication/SAML2/AzureAD/AssertionConsumerServiceUrl - https://portal.myexample.com/signin-azure-ad
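To check that the four site settings agree with each other and that the AuthenticationType value really is the entityID from the root element of the federation metadata, here is an added Python example (not code from the original post). The metadata document is a constructed, trimmed sample of the federationmetadata.xml shape, and the settings dictionary uses the post's example values.

```python
"""Derive Authentication/SAML2/AzureAD/AuthenticationType from federation
metadata and sanity-check the related portal site settings.
Added example; the metadata below is a constructed, trimmed sample."""
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
TENANT_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")

# Constructed sample: only the root element and the IdP descriptor are kept.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    ID="_sample" entityID="https://sts.windows.net/01234567-89ab-cdef-0123-456789abcdef/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/01234567-89ab-cdef-0123-456789abcdef/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def entity_id_from_metadata(xml_text: str) -> str:
    """Return the entityID of the root EntityDescriptor; this is the value the
    post says to put in Authentication/SAML2/AzureAD/AuthenticationType."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"unexpected root element {root.tag}")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("root element has no entityID attribute")
    return entity_id


def check_settings(settings: dict) -> list:
    """Return a list of problems found in the four portal site settings
    (keys: MetadataAddress, AuthenticationType, ServiceProviderRealm,
    AssertionConsumerServiceUrl). An empty list means they are consistent."""
    problems = []
    # The tenant id in the metadata URL must match the one in the issuer.
    t_meta = TENANT_RE.search(settings["MetadataAddress"])
    t_issuer = TENANT_RE.search(settings["AuthenticationType"])
    if not (t_meta and t_issuer and t_meta.group() == t_issuer.group()):
        problems.append("MetadataAddress and AuthenticationType refer to different tenants")
    # The SAML response carries the user's identity, so both SP URLs must be https.
    for key in ("ServiceProviderRealm", "AssertionConsumerServiceUrl"):
        if not settings[key].startswith("https://"):
            problems.append(f"{key} is not https")
    if not settings["AssertionConsumerServiceUrl"].startswith(settings["ServiceProviderRealm"]):
        problems.append("AssertionConsumerServiceUrl is not under ServiceProviderRealm")
    return problems
```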