Create my own application for adding SAML App.

Question

How to create my application to integrate SAML2.0 AD with my organization's App?

I need to create my own application under the new application section. The option is greyed out. I was told that all SSO options should be included in my trial account.

Any help is greatly appreciated. Thanks.!

Answer 1

Hi Vijai,

1- First Part of your question:

To create your own application to integrate SAML 2.0 with your organization's app in Microsoft Entra ID, follow these steps:

Create an Application:

• Go to the Microsoft Entra admin center.
• Select Microsoft Entra ID > Enterprise applications.
• Click on 'New application'.
• Enter the display name for your new application.
• Select 'Integrate any other application you don't find in the gallery'.
• Click on 'Create'​​.

Set Up SAML SSO:

• On the app's Overview page, select 'Single sign-on'.
• Choose 'SAML' as the single sign-on method​​.
• Configure SAML-based authentication for the application, ensuring it works while on the corporate network​​.
• Add at least one user to the application and test single sign-on with the account while connected to the corporate network​​.

Configure AuthnRequest:

• Cloud services send an AuthnRequest element to Microsoft Entra ID to request user authentication​​.
• The Issuer element in AuthnRequest must match one of the ServicePrincipalNames in Microsoft Entra ID, typically set to the App ID URI specified during application registration​​.
• Optionally, include a NameIDPolicy element to request a particular name ID format in the response​​.
• The RequestedAuthnContext element specifies the desired authentication methods and is optional​​.

Optional Signature Element:

• A Signature element in AuthnRequest elements is optional but recommended for security. Microsoft Entra ID can be configured to enforce the requirement of signed authentication requests​​.

Avoid Including Subject Element:

• Do not include a Subject element in AuthnRequest as Microsoft Entra ID doesn't support it and will return an error​​.

Understand the SAML Response:

• The SAML response includes elements like Response, Assertion, Subject, and **Conditions**​​​​​​​​.
• The Response element includes the result of the authorization request and attributes like Destination and **InResponseTo**​​.
• The Status element in the response conveys the success or failure of sign-on​​.
• The Assertion element is signed by Microsoft Entra ID to verify the integrity of the assertion​​.

1. Conditions and Audience:

• The Conditions element specifies the acceptable use of SAML assertions​​.
• The Audience element contains a URI that identifies an intended audience, set to the value of Issuer element of the AuthnRequest that initiated the sign-on​​.

2 - Second Part:

Please note that if the option to create a new application is greyed out in your trial account, it might be due to account permissions or limitations specific to the trial version. You may need to check with your Azure administrator or Create A Microsoft Support Ticket from your Azure Portal.