![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 37%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVG%3C/text%3E%3C/svg%3E)
25,081 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 82%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAZ%3C/text%3E%3C/svg%3E)
Hi Vijai,
1- First Part of your question:
To create your own application to integrate SAML 2.0 with your organization's app in Microsoft Entra ID, follow these steps:
Create an Application:
- Go to the Microsoft Entra admin center.
- Select Microsoft Entra ID > Enterprise applications.
- Click on 'New application'.
- Enter the display name for your new application.
- Select 'Integrate any other application you don't find in the gallery'.
- Click on 'Create'.
Set Up SAML SSO:
- On the app's Overview page, select 'Single sign-on'.
- Choose 'SAML' as the single sign-on method.
- Configure SAML-based authentication for the application, ensuring it works while on the corporate network.
- Add at least one user to the application and test single sign-on with the account while connected to the corporate network.
Configure AuthnRequest:
- Cloud services send an
AuthnRequestelement to Microsoft Entra ID to request user authentication. - The
Issuerelement inAuthnRequestmust match one of the ServicePrincipalNames in Microsoft Entra ID, typically set to the App ID URI specified during application registration. - Optionally, include a
NameIDPolicyelement to request a particular name ID format in the response. - The
RequestedAuthnContextelement specifies the desired authentication methods and is optional.
Optional Signature Element:
- A
Signatureelement inAuthnRequestelements is optional but recommended for security. Microsoft Entra ID can be configured to enforce the requirement of signed authentication requests.
Avoid Including Subject Element:
- Do not include a
Subjectelement inAuthnRequestas Microsoft Entra ID doesn't support it and will return an error.
Understand the SAML Response:
- The SAML response includes elements like
Response,Assertion,Subject, and **Conditions**. - The
Responseelement includes the result of the authorization request and attributes likeDestinationand **InResponseTo**. - The
Statuselement in the response conveys the success or failure of sign-on. - The
Assertionelement is signed by Microsoft Entra ID to verify the integrity of the assertion.
- Conditions and Audience:
- The
Conditionselement specifies the acceptable use of SAML assertions. - The
Audienceelement contains a URI that identifies an intended audience, set to the value ofIssuerelement of theAuthnRequestthat initiated the sign-on.
2 - Second Part:
Please note that if the option to create a new application is greyed out in your trial account, it might be due to account permissions or limitations specific to the trial version. You may need to check with your Azure administrator or Create A Microsoft Support Ticket from your Azure Portal.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 23%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)