Sign on URL in Microsoft Entra ID

Mayur fscloud 20 Reputation points
2024-08-23T14:19:58.3066667+00:00

Hi, I have created an enterprise application in Entra ID and added SAML SSO. In Basic SAML Configuration it's asking for the Sign on URL, which is optional.
My confusion starts with the note that is given:

Sign on URL is used if you would like to perform service provider-initiated single sign-on. This value is the sign-in page URL for your application. This field is unnecessary if you want to perform identity provider-initiated single sign-on.

In my flow, I have an Okta OIDC SPA application which initiates the login flow, and I am using Entra ID as the SAML IdP, which is configured in Okta itself, to access the SPA app, which will then redirect to my app.

Can someone explain why the Sign on URL is needed, as I already have an SP-initiated flow where the Okta SPA app redirects to Azure AD? I would like to understand the Sign on URL field better.

Microsoft Entra ID

Accepted answer
  1. Fabio Andrade 1,660 Reputation points Microsoft Employee
    2024-08-23T20:40:44.9366667+00:00

    Hi @Mayur fscloud

    Thanks for reaching out to Microsoft Q&A.

    I'll leave you with an explanation from our community member @Siva-kumar-selvaraj, which I hope will be helpful to you. Let us know if you have any questions or if I misunderstood your request.

    "Sign On URL in Azure Active Directory Enterprise Application contains the sign-in page for your application that will perform the service provider-initiated single sign-on. The pattern looks like https://yourapplication.domain.com/login. You can just leave it blank if you want to perform identity provider-initiated single sign-on for your application.

    159725-image.png

    But some Azure AD Gallery Enterprise applications don't support IdP-initiated SSO; in those cases the Sign On URL field would be marked as mandatory, as shown below. For example, the SAML Toolkit is one Gallery app which doesn't support it, as this is a sample SAML application created for Azure AD customers to test the SSO integration."

    159646-image.png
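The following is an added example, not part of the thread or of any Microsoft or Okta code. It shows how a service provider can tell the two flows apart: an SP-initiated response carries an `InResponseTo` that matches an AuthnRequest the SP sent, while an IdP-initiated response carries none, so an SP that rejects unsolicited responses needs the user to start at its Sign on URL. The `RequestTracker`, `sample_response` and `classify_response` names and the sample XML are constructed for illustration.

```python
import secrets
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"


class RequestTracker:
    """IDs of AuthnRequests this SP has sent and not yet seen answered."""

    def __init__(self):
        self._pending = set()

    def new_request_id(self):
        rid = "_" + secrets.token_hex(16)
        self._pending.add(rid)
        return rid

    def consume(self, rid):
        # One-time use: a second response with the same ID is a replay.
        if rid in self._pending:
            self._pending.remove(rid)
            return True
        return False


def sample_response(in_response_to=None):
    """Constructed, unsigned SAML Response skeleton for the demo."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0"{attr}/>'


def classify_response(xml_text, tracker, allow_idp_initiated):
    # Demo parsing only: real code verifies the signature and conditions
    # with a hardened SAML library before trusting any attribute.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response":
        return "reject: not a SAML Response"
    rid = root.get("InResponseTo")
    if rid is None:  # unsolicited, i.e. IdP-initiated
        if allow_idp_initiated:
            return "accept: IdP-initiated"
        return "reject: unsolicited, user must start at the Sign on URL"
    if tracker.consume(rid):
        return "accept: SP-initiated"
    return "reject: unknown or replayed InResponseTo"
```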

