having Multiple application in Azure with individual SAML

Nasir 1 Reputation point
2022-06-06T21:36:12.62+00:00

Hello,
I am trying to create custom applications and enable SAML in each application. For example, I have two Cisco ISE deployments. Is there any document pointing to this configuration of having multiple applications in the same tenant, each with a separate SAML configuration?


1 answer

  1. Eric Woodruff 251 Reputation points
    2022-06-07T03:10:21.28+00:00

    You can have several SAML applications within the same tenant that are the same application. When creating the application you will want to name it accordingly, as you cannot have two applications with the same name - so use something like Cisco ISE US and Cisco ISE Europe, or Cisco ISE Prod and Cisco ISE Test (or whatever logically makes sense for how you are deploying them). You will then just need to ensure that the EntityID is different in each particular deployment of Cisco ISE - from searching Cisco documentation it appears the EntityID is generated containing a GUID/ID specific to each ISE instance, so that should not be an issue. Your ReplyURL (ACS URL) settings for SAML will also likely be different for each ISE deployment, so effectively from an Azure AD perspective it would see these as two totally disparate systems.

    The Azure AD Gallery for deploying applications is there just to help accelerate deployment of applications, but it does not "limit" you to only one instance of any given application within an Azure AD tenant. From a SAML metadata exchange perspective, as long as the EntityID is unique, SAML (and Azure AD) just sees all applications (Relying Party [RP]/Service Provider [SP]) as different and disparate systems.

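To make the uniqueness requirement in the answer concrete, the following script is an added example; it is not code from the question, the answer, Cisco, or Microsoft. It parses two constructed Cisco-ISE-style SP metadata documents (the Entity ID and URL values are placeholders, not real ISE output), checks that the Entity IDs and ACS URLs do not collide, and builds the per-application values using Microsoft Graph application property names (displayName, identifierUris, web.redirectUris). A third, hypothetical document cloned from the first shows what the check reports when two instances end up with the same Entity ID.

```python
"""Pre-flight check for registering several SAML service providers (here two
Cisco ISE deployments) as separate enterprise applications in one Azure AD tenant.

Azure AD tells SAML apps apart by their Identifier (Entity ID) and Reply URL
(ACS URL); the display name only has to differ. This script parses SP metadata,
confirms none of those values collide, and emits the per-app values to apply.
All metadata here is constructed for the example; Entity IDs and URLs are
placeholders, not real Cisco ISE output.
"""
from dataclasses import dataclass, field
from typing import Dict, List
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed SP metadata for two ISE deployments (placeholder values).
ISE_METADATA: Dict[str, str] = {
    "Cisco ISE Prod": """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://CiscoISE/11111111-1111-4111-8111-111111111111">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://ise-prod.example.com:8443/portal/SSOLoginResponse.action" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>""",
    "Cisco ISE Test": """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://CiscoISE/22222222-2222-4222-8222-222222222222">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://ise-test.example.com:8443/portal/SSOLoginResponse.action" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>""",
}

# Hypothetical third deployment restored from a Prod backup, so it reuses Prod's Entity ID.
CLONED_METADATA: Dict[str, str] = {
    "Cisco ISE DR (cloned)": """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://CiscoISE/11111111-1111-4111-8111-111111111111">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://ise-dr.example.com:8443/portal/SSOLoginResponse.action" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>""",
}


@dataclass
class SpSettings:
    display_name: str
    entity_id: str
    acs_urls: List[str] = field(default_factory=list)


def parse_sp_metadata(display_name: str, xml_text: str) -> SpSettings:
    """Extract the Entity ID and every ACS URL from a SAML 2.0 SP metadata document."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError(f"{display_name}: not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError(f"{display_name}: metadata has no SPSSODescriptor")
    acs = [a.attrib["Location"] for a in sp.findall("md:AssertionConsumerService", NS)]
    if not acs:
        raise ValueError(f"{display_name}: no AssertionConsumerService endpoint")
    return SpSettings(display_name, root.attrib["entityID"], acs)


def check_unique(sps: List[SpSettings]) -> List[str]:
    """Return conflicts between the given SPs; an empty list means they can coexist."""
    problems: List[str] = []
    seen_name: Dict[str, str] = {}
    seen_id: Dict[str, str] = {}
    seen_acs: Dict[str, str] = {}
    for sp in sps:
        checks = [(seen_name, sp.display_name, "display name"), (seen_id, sp.entity_id, "Entity ID")]
        checks += [(seen_acs, url, "ACS URL") for url in sp.acs_urls]
        for table, value, what in checks:
            if value in table:
                problems.append(f"{what} {value!r} shared by {table[value]} and {sp.display_name}")
            else:
                table[value] = sp.display_name
    return problems


def azure_ad_settings(sp: SpSettings) -> dict:
    """Per-app values, keyed by the Microsoft Graph 'application' property names."""
    return {
        "displayName": sp.display_name,
        "identifierUris": [sp.entity_id],
        "web": {"redirectUris": list(sp.acs_urls)},
    }


def plan_registrations(metadata: Dict[str, str]) -> List[dict]:
    """Parse every document; refuse the whole set on any collision, else return settings."""
    sps = [parse_sp_metadata(name, xml) for name, xml in metadata.items()]
    problems = check_unique(sps)
    if problems:
        raise ValueError("; ".join(problems))
    return [azure_ad_settings(sp) for sp in sps]


if __name__ == "__main__":
    for app in plan_registrations(ISE_METADATA):
        print(app)
    try:
        plan_registrations({**ISE_METADATA, **CLONED_METADATA})
    except ValueError as err:
        print("rejected:", err)
```

The Entity ID check is the one that matters for security as well as for registration: the SP Entity ID is what the IdP places in the assertion's Audience element, so two instances sharing one would no longer be distinguishable by audience restriction. A restored or cloned ISE node is the realistic way to end up in that state, which is why the example treats it as a hard error rather than a warning.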