Is B2B IDP-Initiated SSO supported and SAML signature verification
I am researching MS Entra as an Authentication Service Provider for an app we recently ported into Azure. Our clients primarily use IDP-Initiated SSO to authenticate their users with our application. The flow is: their user authenticates within our client's portal. The user chooses to navigate to our app. The client portal posts a signed SAML response to us, where we identify the client and use their configured public key to verify the SAML signature. Finally, we verify the SAML assertions and provision the user with the specified role.
We are looking to implement a similar flow using Entra where our client partners can send their already authenticated users into our application via IDP-Initiated SSO for a relatively seamless transition. Can Entra support a flow like this? We have hundreds of clients, and each client would have a unique public key used to verify their SAML Responses.
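As an added example (not part of the question above, and not Entra's or any SAML library's code), here is the service-provider side of the flow the question describes, in Go using only the standard library: identify the client from the assertion's Issuer, verify the signature with the public key we configured for that client (never with a key carried inside the message), check audience and validity window, reject replays, and read the role to provision. Everything concrete is an assumption for illustration: the issuer URLs, tenant names, user names, the `Role` attribute name, the 2-minute clock skew, and the sample assertion are all constructed. One deliberate simplification is labelled in the code: the signature is RSA-SHA256 over the raw assertion bytes, whereas a real IdP emits an XML-DSig `<Signature>` over the canonicalised (C14N) element, which needs a DSig library to verify.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"sync"
	"time"
)

// Assertion is the subset of a SAML 2.0 <Assertion> this example checks.
type Assertion struct {
	XMLName    xml.Name `xml:"Assertion"`
	ID         string   `xml:"ID,attr"`
	Issuer     string   `xml:"Issuer"`
	NameID     string   `xml:"Subject>NameID"`
	Conditions struct {
		NotBefore    string `xml:"NotBefore,attr"`
		NotOnOrAfter string `xml:"NotOnOrAfter,attr"`
		Audience     string `xml:"AudienceRestriction>Audience"`
	} `xml:"Conditions"`
	Attributes []struct {
		Name  string `xml:"Name,attr"`
		Value string `xml:"AttributeValue"`
	} `xml:"AttributeStatement>Attribute"`
}
// Identity is what the application provisions after a successful verification.
type Identity struct{ Tenant, User, Role string }
// SP is the service-provider side: our entity ID, one public key per client IdP (configured out of band,
// keyed by that IdP's Issuer value) and a cache of consumed assertion IDs. IdP-initiated responses carry
// no InResponseTo to correlate with a request, so the cache is the only defence against replay.
type SP struct {
	EntityID  string
	Tenants   map[string]*rsa.PublicKey
	ClockSkew time.Duration
	seen      sync.Map // assertion ID -> NotOnOrAfter; entries can be pruned once that time has passed
}
func digest(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

// VerifyResponse identifies the client from Issuer, verifies the signature with that client's configured
// key, checks the conditions and returns the identity to provision. Hypothetical simplification: the
// signature covers the raw assertion bytes, whereas real XML-DSig signs the canonicalised (C14N) element.
func (sp *SP) VerifyResponse(assertionXML []byte, sigB64 string, now time.Time) (*Identity, error) {
	var a Assertion
	if err := xml.Unmarshal(assertionXML, &a); err != nil {
		return nil, fmt.Errorf("malformed assertion: %w", err)
	}
	// 1. Take the key from our own configuration, never from <KeyInfo> inside the message.
	pub, ok := sp.Tenants[a.Issuer]
	if !ok {
		return nil, fmt.Errorf("unknown issuer %q", a.Issuer)
	}
	// 2. Verify the signature before trusting any other field.
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(assertionXML), sig) != nil {
		return nil, fmt.Errorf("signature verification failed for issuer %q", a.Issuer)
	}
	// 3. The assertion must be addressed to us and lie inside its validity window (allowing clock skew).
	nb, err1 := time.Parse(time.RFC3339, a.Conditions.NotBefore)
	noa, err2 := time.Parse(time.RFC3339, a.Conditions.NotOnOrAfter)
	if a.Conditions.Audience != sp.EntityID || err1 != nil || err2 != nil || now.Add(sp.ClockSkew).Before(nb) || !now.Add(-sp.ClockSkew).Before(noa) {
		return nil, fmt.Errorf("conditions rejected: audience %q, window %q..%q", a.Conditions.Audience, a.Conditions.NotBefore, a.Conditions.NotOnOrAfter)
	}
	// 4. Reject a replayed assertion ID; LoadOrStore records it atomically on first use.
	if _, dup := sp.seen.LoadOrStore(a.ID, noa); dup {
		return nil, fmt.Errorf("assertion %q already consumed", a.ID)
	}
	// 5. Provision with the role the client asserted for this user.
	for _, at := range a.Attributes {
		if at.Name == "Role" && at.Value != "" {
			return &Identity{Tenant: a.Issuer, User: a.NameID, Role: at.Value}, nil
		}
	}
	return nil, fmt.Errorf("assertion carries no Role attribute")
}

// SignAssertion stands in for the client's IdP: RSA-SHA256 over the assertion bytes (same simplification).
func SignAssertion(priv *rsa.PrivateKey, assertionXML []byte) (string, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(assertionXML))
	return base64.StdEncoding.EncodeToString(sig), err
}
// NewAssertion builds a constructed sample assertion (not real IdP output) valid from now-1m to now+5m.
func NewAssertion(id, issuer, user, audience, role string, now time.Time) []byte {
	return []byte(fmt.Sprintf(`<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="%s"><Issuer>%s</Issuer>`+
		`<Subject><NameID>%s</NameID></Subject><Conditions NotBefore="%s" NotOnOrAfter="%s"><AudienceRestriction>`+
		`<Audience>%s</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name="Role">`+
		`<AttributeValue>%s</AttributeValue></Attribute></AttributeStatement></Assertion>`, id, issuer, user,
		now.Add(-time.Minute).Format(time.RFC3339), now.Add(5*time.Minute).Format(time.RFC3339), audience, role))
}

func main() {
	acme, _ := rsa.GenerateKey(rand.Reader, 2048) // plays the client "Acme" IdP; key names are made up
	sp := &SP{EntityID: "https://app.example.com/saml/metadata", ClockSkew: 2 * time.Minute, Tenants: map[string]*rsa.PublicKey{"https://idp.acme.example/saml": &acme.PublicKey}}
	a := NewAssertion("_a1", "https://idp.acme.example/saml", "alice@acme.example", sp.EntityID, "admin", time.Now())
	sig, _ := SignAssertion(acme, a)
	fmt.Println(sp.VerifyResponse(a, sig, time.Now())) // accepted: alice provisioned as admin for the Acme tenant
	fmt.Println(sp.VerifyResponse(a, sig, time.Now())) // the same response posted again is rejected as a replay
}
```

The order of the checks is the point: the key is selected by Issuer from your own configuration, the signature is verified before any other field is trusted, and only then are audience, validity window and replay evaluated. When you swap in a real XML-DSig verifier, also confirm that the element it validated (the `Reference` URI pointing at the assertion's `ID`) is the same element you then parse the subject and role from, so a second unsigned assertion wrapped into the response cannot be substituted for the signed one.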