External Identities Flow: Is a custom sign-up application necessarily required?

75969757 5 Reputation points
2023-05-30T09:43:37.4033333+00:00

Hello,

We are using External Identities to manage our customers.

We have a website which uses Azure AD via SAML for user authentication.

We want to add the ability for a user to self-register.

We enabled self-service sign-up and created the corresponding user flow.

Under the user flow, we can specify the application used for sign-up. My questions:

  • Do we need to create our own application to allow registration?
  • We created an Enterprise Application with "Linked Sign-On", pointing to the secured website, and added it to the user flow, but when navigating to the application URL we got a sign-in screen (but no sign-up option).

Can someone clarify this for me? I have been looking around for some time and I am a bit confused (I do not understand why I would need a custom application to create a user...).

Thanks in advance!

Kind regards,

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.

2 answers

  1. 2023-05-31T10:13:13.01+00:00

    Hello @75969757, you should be able to use an Azure AD enterprise/SAML application for a sign-up user flow. That being said, linked-based SSO doesn't provide sign-on functionality through Azure AD. The option simply sets the location that users are sent to when they select the application on the My Apps or Microsoft 365 portal. More importantly, linked-based SSO applications are not SAML applications. You need to create an Azure AD SAML-enabled enterprise application or an (OAuth2/OIDC-enabled) app registration.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.


  2. Joris van Antwerpen 1 Reputation point
    2023-06-09T14:42:57.1166667+00:00

    I have the same problem; I'm getting the Sign Up option. However, I'm using a Salesforce Enterprise app with a dummy SAML configuration as a test. I'm using the IdP-initiated login URL to test:

    https://account.activedirectory.windowsazure.com/applications/testfedaratedapplication.aspx?servicePrincipalId=7901b924-etc.

    Could that be an issue?
