What is Sign On URL in Azure Active Directory Enterprise Application and why is it required?

Phillip Mann 21 Reputation points
2021-12-22T12:08:24.917+00:00

I am trying to configure an Azure Active Directory Enterprise Application to use SAML IDP initiated SSO with my auth0 Enterprise SAML connection (auth0 is serving as the identity provider) and my own personal application is the service provider. We want to support Azure for our customers. The Azure SAML toolkit has a field called "Sign on URL" but I do not know what value I am supposed to fill here or what this is for. For Google and OneLogin, I did not have to fill in this field to get SSO to work. I saw this SO link when creating this post: SAML - IDP Initiated Example (Azure AD SAML Toolkit)? but this seems to be outdated as it is required to fill in this URL.

So, what should this URL be? Why is this URL required? Does anyone know of how to get Azure AD Enterprise Application to work with an auth0 SAML connection? Thank you.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Siva-kumar-selvaraj 15,721 Reputation points
    2021-12-22T20:42:32.88+00:00

    The SAML Toolkit is a pre-configured sample application available in the Azure AD gallery, with which you can learn how to integrate a SAML-based application with Azure Active Directory (Azure AD); it is an example for getting hands-on experience, so that you can apply the same concepts when integrating your own application with Azure AD for single sign-on. Note: In this instance, the SAML Toolkit application is the SP (service provider), and Azure AD is the IdP (identity provider).

    You would find similar steps over here: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal

    However, based on your question, what I understood is that you have Auth0 (IdP) and your own application already integrated as the SP for authentication, but there is a requirement to create a new connection between Auth0 and Azure AD in order to allow users from other organizations' Azure AD tenants to use your application. If that is the case, I hope the following thread is helpful.

    https://community.auth0.com/t/instructions-how-to-use-azure-saml-to-authenticate-users-to-access-auth0-website/34233

    In case you want your own application to integrate directly with Azure AD for SAML SSO, go to Azure AD --> New Application --> Create your own application

    [screenshot]

    Once the application has been created successfully, configure SAML SSO as shown below.

    [screenshot]

    Hope this was helpful.

    1 person found this answer helpful.

1 additional answer

  1. Siva-kumar-selvaraj 15,721 Reputation points
    2021-12-22T13:02:58.823+00:00

    Hello @Phillip Mann ,

    Thanks for reaching out.

    The Sign On URL in an Azure Active Directory Enterprise Application is the sign-in page of your application that will perform service provider-initiated single sign-on. The pattern looks like https://yourapplication.domain.com/login. You can just leave it blank if you want to perform identity provider-initiated single sign-on for your application.

    [screenshot]

    But some Azure AD Gallery Enterprise applications don't support IdP-initiated SSO; in those cases the Sign On URL field is marked as mandatory, as shown below. For example, the SAML Toolkit is one Gallery app which doesn't support it, as this is a sample SAML application created for Azure AD customers to test the SSO integration.

    [screenshot]

    Hope this was helpful.

    -----
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
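
The answer above distinguishes the Sign On URL (the SP login page that starts SP-initiated SSO) from IdP-initiated SSO, where Azure AD posts a Response to the SP's ACS URL unannounced. The following Python script is an added example, not code from this thread or from Microsoft; it shows what each flow looks like on the SP side: building the AuthnRequest that the Sign On URL page would redirect to the IdP (HTTP-Redirect binding), and, at the ACS, telling a solicited Response (InResponseTo matches a request we issued) apart from an unsolicited IdP-initiated one, which should only be accepted when that mode is deliberately enabled. The SP and IdP URLs, the tenant placeholder and the sample Response messages are hypothetical and constructed for the demo; a real SP would take Azure AD's endpoints from its federation metadata and must validate the Response signature, audience and validity window, which this example omits.

```python
"""Added example: SP-initiated vs IdP-initiated SAML 2.0 handling on the SP side.
Not from the Q&A thread; all URLs, IDs and messages below are hypothetical/constructed.
"""
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
# Hypothetical SP/IdP values; real Azure AD endpoints come from its federation metadata.
SP_ENTITY_ID = "https://yourapplication.domain.com/saml/metadata"
SP_ACS_URL = "https://yourapplication.domain.com/saml/acs"
IDP_SSO_URL = "https://login.microsoftonline.com/TENANT-ID/saml2"  # TENANT-ID is a placeholder


def build_authn_request(request_id=None, issue_instant=None):
    """Minimal AuthnRequest the Sign On URL page sends when SP-initiated SSO starts.
    Returns (request_id, xml_bytes); the ID must be remembered to check InResponseTo later."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        f'AssertionConsumerServiceURL="{SP_ACS_URL}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>"
        "</samlp:AuthnRequest>"
    )
    return request_id, xml.encode()


def redirect_binding_url(authn_request_xml, relay_state=None):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, then URL-encode."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15 selects raw deflate
    deflated = compressor.compress(authn_request_xml) + compressor.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode()}
    if relay_state:
        params["RelayState"] = relay_state  # where to send the user after the ACS
    return IDP_SSO_URL + "?" + urlencode(params)


def decode_saml_request_param(url):
    """Inverse of redirect_binding_url, i.e. what the IdP does with the query string."""
    qs = parse_qs(urlparse(url).query)
    return zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15)


def classify_response(response_xml, outstanding_request_ids, allow_idp_initiated=False):
    """At the ACS: is this Response answering one of our requests, or unsolicited?
    Signature, Destination, audience and time-window checks are omitted here and are
    mandatory in a real SP before anything in the message is trusted."""
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a samlp:Response")
    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        # No InResponseTo: the IdP started the flow. Only allow if IdP-initiated SSO is on.
        if not allow_idp_initiated:
            raise ValueError("unsolicited (IdP-initiated) Response rejected")
        return "idp-initiated"
    if in_response_to not in outstanding_request_ids:
        raise ValueError("InResponseTo does not match any request we issued")
    outstanding_request_ids.discard(in_response_to)  # one-time use, blocks replay
    return "sp-initiated"


def constructed_response(in_response_to=None):
    """Constructed, unsigned sample Response for the demo (not a real Azure AD message)."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_{uuid.uuid4().hex}" '
        f'Version="2.0" Destination="{SP_ACS_URL}"{attr}/>'
    )


def demo():
    """Walk both flows; returns (sp_result, unsolicited_rejected, idp_result)."""
    outstanding = set()
    req_id, xml = build_authn_request()
    outstanding.add(req_id)
    url = redirect_binding_url(xml, relay_state="/dashboard")
    assert decode_saml_request_param(url) == xml  # round trip of the redirect binding
    sp = classify_response(constructed_response(req_id), outstanding)
    try:
        classify_response(constructed_response(), outstanding)
        rejected = False
    except ValueError:
        rejected = True
    idp = classify_response(constructed_response(), outstanding, allow_idp_initiated=True)
    return sp, rejected, idp


if __name__ == "__main__":
    print(demo())
```

With the Sign On URL left blank in Azure AD, only the second path (IdP-initiated, no InResponseTo) is ever exercised, which is why the field is optional for apps that accept unsolicited Responses; a gallery app like the SAML Toolkit that refuses them has nothing to do without the SP login page, so the field becomes mandatory.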
