Azure AD as a Service Provider with Metadata URL

suf 21 Reputation points
2021-12-28T10:07:13.29+00:00

If I, as a service provider, want to host an application from Azure AD, I can do this by making my application multi-tenant. My customers, as an identity provider, can connect to this multi-tenant application by exchanging tenant ID/application ID/client secret/etc. That is, if the customer is also using Azure AD, of course.

But what if the customer is not using Azure AD, but ADFS, Okta, PingFederate or some other SAML IdP? How can those customers connect? Is Azure AD able to provide a metadata URL which the customer can use to set up the trust? Or do we need Azure AD B2C for this?

Thanks!

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Siva-kumar-selvaraj 15,721 Reputation points
    2021-12-28T18:01:59.96+00:00

    Hello @suf ,

    Thanks for reaching out.

    For this scenario you could leverage either B2C or the Azure AD external identity providers feature, by which you can set up federation with any organization whose identity provider (IdP) supports the SAML 2.0 or WS-Fed protocol.

    The Azure AD metadata can be downloaded from this URL:
    https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml.
    For customers in China using the China-specific instance of Microsoft 365, the following federation endpoint should be used: https://nexus.partner.microsoftonline-p.cn/federationmetadata/saml20/federationmetadata.xml.


    Configure SAML/WS-Fed based identity provider federation with AD FS (preview)
    Federation with SAML/WS-Fed identity providers for guest users (preview)

    To learn more about what External Identities in Azure Active Directory are, refer to: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/compare-with-b2c#compare-external-identities-solutions

    -----
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

1 additional answer

  1. suf 21 Reputation points
    2021-12-29T07:23:19.457+00:00

    Hi Sikumars,

    Thank you for this, really helpful. So if I read it correctly, I use External Identities for collaboration and Azure AD B2C for customer-related scenarios.
    Or is it also doable to create a SaaS application for our customers and let them connect through External Identities?

    Thanks again!
