Login and authorization
To log in to the Microsoft Azure Portal, go to https://portal.azure.com. To perform the following steps, a global administrator or an administrative user who is allowed to create enterprise applications is required.
Setting up the Azure AD application
- Open the Azure Active Directory service.
- In the menu, go to Enterprise applications and click on New application to create a new application. Then specify a name via Create your own application, select the menu item "Integrate any other...", and click on Create.
- In the created Enterprise application, click on Single sign-on under Manage, and select SAML as the method.
- From AEB, you will receive an identifier and a reply URL, which you enter in the fields using Edit, e.g.:
  - Identifier: https://idp.aeb.com/auth/realms/aeb
  - Reply URL: https://idp.aeb.com/auth/realms/aeb/broker/<example>/endpoint
Transmitting data to AEB
The following data must be transmitted so that AEB can connect the application:
The App Federation Metadata URL can be found in the Enterprise application under Single sign-on, in the "SAML Certificates" section.
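Before sending the URL to AEB, it is worth confirming that it points at the app-specific metadata and that the document behind it describes the expected identity provider. The following check is an added example, not part of the original article or an AEB or Microsoft tool. It assumes the Azure public-cloud host `login.microsoftonline.com` and an `appid` query parameter, and it runs on a constructed metadata sample with placeholder tenant ID, app ID and certificate.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: tenant ID, app ID and certificate body are placeholders.
TENANT = "00000000-0000-0000-0000-000000000001"
SAMPLE_URL = (f"https://login.microsoftonline.com/{TENANT}/federationmetadata/"
              "2007-06/federationmetadata.xml?appid=00000000-0000-0000-0000-000000000002")
SAMPLE_XML = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>PLACEHOLDER</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_metadata_url(url):
    """Return a list of problems with the URL's shape (empty list = looks fine)."""
    u, problems = urlparse(url), []
    if u.scheme != "https":
        problems.append("not https")
    if u.hostname != "login.microsoftonline.com":  # assumption: Azure public cloud
        problems.append("unexpected host")
    if not u.path.lower().endswith("/federationmetadata.xml"):
        problems.append("path is not a federation metadata document")
    if "appid" not in parse_qs(u.query):  # assumption: app-specific URL carries appid
        problems.append("no appid parameter")
    return problems

def summarize_metadata(xml_text):
    """Extract what the service provider will rely on from the IdP metadata."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not IdP metadata")
    certs = idp.findall("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    sso = [(s.get("Binding").rsplit(":", 1)[-1], s.get("Location"))
           for s in idp.findall("md:SingleSignOnService", NS)]
    return {"entity_id": root.get("entityID"), "signing_certs": len(certs), "sso": sso}
```

To check a real tenant, save the document behind the URL to a file and pass its text to `summarize_metadata`; the entity ID and sign-on location should both contain your own tenant ID.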
In the Help Center article Setting up single sign-on (SSO) via Microsoft Azure Active Directory via OpenID Connect you can find more information about:
- Assigning rights in the enterprise application
- Restricting the login to certain users or groups via the application
- Emitting Azure Active Directory groups in the token