App Registration: How to support SAML and OpenID Connect on existing Microsoft Entra Gallery App.

Ray Chen 0 Reputation points
2024-09-10T16:27:13.68+00:00

I am an app developer, and I already have an application registration published on the Microsoft Entra Gallery. My current application only supports OpenID Connect, but I also want to support SAML to allow for identity provider initiated login.

When I try to set it up from "Enterprise Applications -> Single Sign-on", I get the message "SAML is not enabled for <Enterprise Application Name>. If the application supports SAML-based single sign-on, you can request Microsoft to upgrade the list for the application."

How do I update my existing app registration to support both SAML and OpenID Connect protocols? I want all tenants that installed my app from the Microsoft Entra Gallery to be able to use SAML SSO (while maintaining backwards compatibility with existing OpenID Connect).

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Navya 10,955 Reputation points Microsoft Vendor
    2024-09-13T11:12:28.3633333+00:00

    Hi @Ray Chen

    Thank you for posting this in Microsoft Q&A.

    I understand that you have an application registered on the Microsoft Entra Gallery. Currently, the application only supports OpenID Connect, but you would like to add SAML support to enable identity provider-initiated logins.

    As your application was registered using App registrations in the portal, the single sign-on capability is configured to use OpenID Connect and OAuth by default. In this case, the SAML single sign-on option doesn't appear in the navigation under enterprise applications.

    Choose SAML for existing applications that don't use OpenID Connect or OAuth. It is not possible to modify your current app registration to support both SAML and OpenID Connect protocols.

    For more information: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/what-is-single-sign-on#single-sign-on-options

    To create a SAML SSO application, you need to create an enterprise application in the Microsoft Entra admin center.

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
