Do I need a verified domain to federate applications in Entra ID?

Question

Do I need a verified domain to federate applications in Entra ID?

Pedro Ignácio 1 MVP

I'm trying to integrate an application with my tenant via SAML.

It's one of the applications listed in Entra ID's application gallery. One of the steps required in the tutorial is to verify a domain in the application. As I'm not the owner of the .onmicrosoft.com domain, I'm not able to verify it.

This got me thinking, am I required to have a domain to integrate the applications in my tenant?

Givary-MSFT 35,786 Reputation points Microsoft Employee Moderator

2024-03-08T03:15:24.5266667+00:00

@Pedro Ignácio Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.

1 answer

Your answer

Givary-MSFT 35,786 Reputation points Microsoft Employee Moderator

2024-03-08T03:15:24.5266667+00:00

@Pedro Ignácio Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.

Answer 1

Andy David - MVP 160.3K MVP Volunteer Moderator

If your tenant is going to be the Identity provider , and you need to verify it for the app, then yes you need a verifiable custom domain setup in Entra.

https://learn.microsoft.com/en-us/entra/identity/users/domains-manage

Having said that, you could in theory simply use the onmicrosoft domain you manage as the domain but if the app is requiring proof of ownership, then you really should setup a custom domain as the onmicrosoft.com domain is considered a "fallback domain"

https://learn.microsoft.com/en-us/microsoft-365/admin/setup/add-or-replace-your-onmicrosoftcom-domain?view=o365-worldwide

0 comments

Share via

Do I need a verified domain to federate applications in Entra ID?

1 answer

Your answer