How to use a SAML identity provider to access the API developer portal

Question

Hi,

We would like to know if there is a way to add a SAML based IDP to restrict access to the "Developer portal" in the "API Management Services".

Currently we can only see "Azure Active Directory" and "Azure Active Directory B2C". We do not use either to authenticate our customers and are just looking for a generic SAML solution.

2023-11-09_12-13-10.png

Thanks!

Answer 1

Daniel Cutler Thanks for posting your question in Microsoft Q&A. Yes, you are right. Currently, we have two options Microsoft Entra ID (formerly Azure AD) and Azure AD B2C as described in Secure access to the API Management developer portal doc and unfortunately, there is no direct way to add other IDP with the current design. However, Azure AD B2C supports federated organizational accounts with generic OpenID Connect providers which might be an alternate solution and check out Set up sign-up and sign-in with generic OpenID Connect using Azure Active Directory B2C doc for more info.

One other option is to use delegation to handle developer sign-in/sign-up instead of built-in functionality and here is doc reference: How to delegate user registration and product subscription.

We have similar feedback such as Allow custom identity provider portal account creation/login, Managing SAML configuration for internal identities in the Azure Portal, Azure APIM integration with External Identity Provider in our feedback forum from other customers and suggest you upvote the features. I agree this feature would be very helpful and will also pass feedback internally with our product team.

I hope this helps and let me know if any questions.

---

If you found the answer to your question helpful, please take a moment to mark it as Yes for others to benefit from your experience. Or simply add a comment tagging me and would be happy to answer your questions.