Entra ID as SP for SAML SSO

Question

Hello

I am trying to set up Entra ID SSO using SAML. All the i can find is how to set it up as a Idp but i am using Entra ID as SP using SAML.

Has anyone used EntraID as SP using SAML? Can you please help

Answer 1

Hi @Harpreet Sidhu

Thank you for posting this in Microsoft Q&A.

I understand you want to setup Entra ID as SP for SAML SSO.

Single Sign-On (SSO) using Security Assertion Markup Language (SAML) can be initiated in two ways: Service Provider (SP) initiated, and Identity Provider (IdP) initiated. SSO process is triggered and who initiates the authentication flow. Here's the difference between the two:

SP-initiated SSO is commonly used in scenarios where a user needs to access a specific application or service hosted by the SP and is redirected to the IdP for authentication as part of the access process.

IdP-initiated SSO is commonly used in scenarios where users have a centralized portal (the IdP portal) where they can access various applications and services without needing to re-enter their credentials for each one.

SPs that utilize custom login pages (e.g. https://MyCompany.Dropbox.com) can often be configured to utilize SAML for ALL login attempts. Whereas others can be configured to utilize SAML for all sign-on requests made from usernames with a particular domain (e.g.https://myapplications.microsoft.com)

Just to clarify, are you trying to set up Azure AD as the Identity Provider (IdP) and EntraID as the Service Provider (SP) using SAML? Or are you trying to set up EntraID as the IdP and another application as the SP? Please provide more information so I can assist you better.

Thanks,

Navya.