Azure AD Federation [SAML]

NUP 1 Reputation point
2021-04-27T19:32:53.6+00:00

What option does Azure AD have to accept an inbound SAML assertion? Do we need to set up ADFS for this?

Scenario: We have partners that use Azure AD as their IDP. Right at the moment our IDP receives a signed SAML assertion from the partner system, and our IDP verifies the SAML assertion and grants access to the portal.

**The SAML assertion includes custom parameters that are key to opening our applications.

FYI: We are assessing Azure AD as a potential IDP, and this is POC work we are trying to solve.

Azure Active Directory

1 answer

  1. AmanpreetSingh-MSFT 55,201 Reputation points
    2021-05-07T10:46:46.267+00:00

    Hi @NUP, thank you for reaching out.

    Yes, Azure AD can be federated with an external IDP using the SAML protocol. You can set up ADFS or any other IDP that supports federation using SAML for this purpose.

    Azure AD will receive the SAML assertion from the IDP (ADFS), consume that assertion, and issue an access token.

    If you have an application federated to Azure AD, Azure AD is federated to ADFS, and ADFS is responsible for authenticating the users who want to access the application, the flow would be:

    1. The application redirects to Azure AD.
    2. Azure AD then redirects to ADFS.
    3. ADFS contacts the claims provider (e.g. on-premises AD) to authenticate the user and issues a SAML token after successful authentication.
    4. The token is then provided to Azure AD.
    5. Azure AD validates the token and issues a new access token with the required claims to access the application.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
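The configuration step the answer above refers to (making Azure AD trust an external SAML 2.0 IDP so that steps 2 to 5 of the flow work) is done per verified custom domain. The following is an added example written for this page, not code from the original post or from Microsoft; it uses the Microsoft Graph PowerShell `New-MgDomainFederationConfiguration` cmdlet. The domain name, all IDP URLs and the certificate path are placeholders. The values that matter for step 5 are `IssuerUri`, which must equal the `<saml:Issuer>` of the inbound assertion, and `SigningCertificate`, the IDP's token-signing certificate that Azure AD uses to verify the assertion signature. Note that in this model Azure AD consumes only the claims it needs from the partner's assertion (the persistent `NameID`, matched against the user's `ImmutableID`, and `IDPEmail` for the UPN) and then issues its own tokens from directory data, so custom attributes carried in the partner assertion are not forwarded to the downstream application and have to be provisioned into the directory or the app registration separately.

```powershell
# Added example (not from the original post): federate an Azure AD custom domain with an
# external SAML 2.0 IDP via Microsoft Graph PowerShell. Every URL, the domain name and the
# certificate path below are placeholders to be replaced with values from the IDP's metadata.
Connect-MgGraph -Scopes "Domain.ReadWrite.All"

# The domain must already exist as a verified custom domain in the tenant; users whose UPN
# suffix is this domain will be redirected to the IDP (step 2 of the flow).
$domain = "partners.contoso.com"

# Base64 (DER) token-signing certificate exported from the IDP metadata. Azure AD verifies
# the XML signature on every inbound assertion against this certificate (step 5).
$cert = [Convert]::ToBase64String([IO.File]::ReadAllBytes("C:\idp\idp-signing.cer"))

$params = @{
    DisplayName                     = "Partner SAML IdP"
    IssuerUri                       = "https://idp.partner.example/saml"      # must match <saml:Issuer> in the assertion
    PassiveSignInUri                = "https://idp.partner.example/saml/sso"  # browser redirect target (HTTP-Redirect/POST binding)
    ActiveSignInUri                 = "https://idp.partner.example/saml/ecp"  # ECP endpoint for non-browser clients, if the IDP offers one
    SignOutUri                      = "https://idp.partner.example/saml/slo"
    MetadataExchangeUri             = "https://idp.partner.example/metadata"
    SigningCertificate              = $cert
    PreferredAuthenticationProtocol = "saml"
    # Do not let the partner IDP satisfy Azure AD MFA by asserting an MFA claim; keep MFA
    # enforcement in Azure AD. Change only after reviewing the partner's MFA posture.
    FederatedIdpMfaBehavior         = "rejectMfaByFederatedIdp"
}

New-MgDomainFederationConfiguration -DomainId $domain -BodyParameter $params

# Check what was stored: the issuer and sign-in URI are what Azure AD will enforce.
Get-MgDomainFederationConfiguration -DomainId $domain |
    Format-List IssuerUri, PassiveSignInUri, PreferredAuthenticationProtocol, FederatedIdpMfaBehavior
```

When the IDP rotates its signing certificate, update `SigningCertificate` (or stage the new one in `NextSigningCertificate`) before the old certificate expires, otherwise assertions fail signature validation at step 5 and every federated user in the domain is locked out.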