Skip to main content
Deutsch English

Setting up single sign-on (SSO) via Microsoft Azure Active Directory via SAML

Kristian Sindek
  • Updated

Login and authorization

To log in to the Microsoft Azure Portal, go to https://portal.azure.com. To perform the following steps, a global administrator or an administrative user who is allowed to create enterprise applications is required.

Setting up the Azure AD application

  1. Open the Azure Active Directory service.
  2. In the menu, go to Enterprise applications and click on New application to create a new application. Then specify a name via Create your own application, select the menu item "Integrate any other...", and click on Create.

    create_application.png
  3. In the created Enterprise application, click on Single sign-on under Manage, and select SAML as the method.
  4. From AEB, you will receive an identifier and a reply URL, which you enter in the fields using Edit, e.g.:
  • Identifier: https://idp.aeb.com/auth/realms/aeb
  • Reply URL: https://idp.aeb.com/auth/realms/aeb/broker/<example>/endpoint>
    Basic_SAML_configuration.png

Transmitting data to AEB

The following data must be transmitted so that AEB can connect the application:
Federation Metadata URL app can be found in the Enterprise application under Single Sign-On in the "SAML Certificates" section:

SAML_certificates.png

Optional

In the Help Center article Setting up single sign-on (SSO) via Microsoft Azure Active Directory via OpenID Connect you can find more information about:

  • Assigning rights in the enterprise application
    Restricting the login to certain users or groups via the application
  • Emitting Azure Active Directory groups in the token

Related articles

Comments

Please sign in to leave a comment.