I'm being asked to provide an SP Entity ID and ACS URL for a third party in order to set up a custom external identity in Azure

Question

I'm being asked to provide an SP Entity ID and ACS URL for a third party in order to set up a custom external identity in Azure

John Chase 20

Hi

We have an external (non-Microsoft user) customer who we'd like to provide access to an internal PowerApp for.

In order for them to authenticate using their own SAML which I believe they have developed in house, I was going to create a custom external identity in Azure.

To receive their metadata.xml to set this up, they have requested an SP Entity ID and ACS URL from us.

I'm not clear how to create or find these within Azure. Have read a lot about creating an Enterprise application but we've only done this the opposite way, for when wanting to use our Entra IDs to SSO to third party apps.

Any help would be appreciated.

Thanks!

Jyotishree Moharana 1,845 Reputation points Microsoft External Staff Moderator

2025-04-28T08:47:48.5233333+00:00

Hello @John Chase,

Following up to check if the provided information was helpful for you. If there are any additional questions or queries, do let us know.
John Chase 20 Reputation points

2025-04-28T09:23:49.3433333+00:00

Hi @Jyotishree Moharana

Thank you for taking time to answer my question, it's much appreciated.

I'm just waiting for the third party to respond with the metadata file before we can test and be sure the information is correct.

If all works, I shall mark your answer as accepted, or will reply here for any additional questions.

Have a great day!
Jyotishree Moharana 1,845 Reputation points Microsoft External Staff Moderator

2025-04-29T10:45:03.16+00:00

Hello John,

Thank you for the update.

Accepted answer

0 additional answers

Your answer

Jyotishree Moharana 1,845 Reputation points Microsoft External Staff Moderator

2025-04-28T08:47:48.5233333+00:00

Hello @John Chase,

Following up to check if the provided information was helpful for you. If there are any additional questions or queries, do let us know.
John Chase 20 Reputation points

2025-04-28T09:23:49.3433333+00:00

Hi @Jyotishree Moharana

Thank you for taking time to answer my question, it's much appreciated.

I'm just waiting for the third party to respond with the metadata file before we can test and be sure the information is correct.

If all works, I shall mark your answer as accepted, or will reply here for any additional questions.

Have a great day!
Jyotishree Moharana 1,845 Reputation points Microsoft External Staff Moderator

2025-04-29T10:45:03.16+00:00

Hello John,

Thank you for the update.

Answer 1

Hello @John Chase,

As your customer have developed their own SAML IdP and in this scenario Entra ID will be acting as a Service Provider below are the normally used standard values when Entra ID acts as SAML SP.

SP Entity ID : https://login.microsoftonline.com/<your-tenant-id>/

ACS URL : https://login.microsoftonline.com/<your-tenant-id>/saml2

(specify your tenant ID)

Kindly do note these values are global for your tenant across all apps unless required for anything custom.

This will help in federating their identity provider (their SAML IdP) with your Entra ID tenant, so that they can authenticate using their credentials. From your end it would be required to setup the custom SAML/WS-Fed identity provider under External Identities provider in your Entra ID.

Share via

I'm being asked to provide an SP Entity ID and ACS URL for a third party in order to set up a custom external identity in Azure

0 additional answers

Your answer