Configuring Azure AD as a SAML identity provider

Comments

2 comments

  • Steven Luong

    Note after some tests with a customer:
    This table could also indicate the "method" on each endpoint.

    Name | Value
    Identifier (Entity ID) | urn:dalet:flex:flex-login-app
    Reply URL (Assertion Consumer Service URL) | like https://{account}.{your-flex-deployment.com}/login/saml/SSO
    Sign on URL | like https://{account}.{your-flex-deployment.com}/login/saml/SSO
    Relay State | desired Flex entry point, e.g. https://{account}.{your-flex-deployment.com}/fmp/index/ for the MAM UI
    Logout URL | Optional; like https://{account}.{your-flex-deployment.com}/login/saml/SingleLogout
    Service Provider Issuer | Required if Logout URL is specified; like urn:dalet:flex:flex-login-app

    Both https://{account}.{your-flex-deployment.com}/login/saml/SSO and https://{account}.{your-flex-deployment.com}/login/saml/SingleLogout expect a POST (not a GET) 

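Added example, not part of the comment above or of Dalet's documentation: one way to confirm the "method" on each endpoint is to read the `Binding` attributes in the service provider's SAML metadata and flag anything that is not HTTP-POST or not HTTPS. The metadata below is constructed (with a deliberately wrong logout binding), and it is an assumption that your Flex deployment can export such metadata; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata; example.invalid stands in for the real
# deployment host, and the logout binding is wrong on purpose.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:dalet:flex:flex-login-app">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://account.example.invalid/login/saml/SingleLogout"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://account.example.invalid/login/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def endpoint_methods(metadata_xml):
    """Return (entity_id, [(service, http_method, location), ...])."""
    root = ET.fromstring(metadata_xml)  # parse only metadata from your own deployment
    rows = []
    for service in ("AssertionConsumerService", "SingleLogoutService"):
        for el in root.iter(f"{{{MD}}}{service}"):
            binding = el.get("Binding", "")
            if binding == POST:
                method = "POST"
            elif binding.endswith(":HTTP-Redirect"):
                method = "GET"
            else:
                method = "other"
            rows.append((service, method, el.get("Location", "")))
    return root.get("entityID"), rows

def findings(metadata_xml, expected_entity_id="urn:dalet:flex:flex-login-app"):
    """List mismatches against the values in the table above."""
    entity_id, rows = endpoint_methods(metadata_xml)
    out = []
    if entity_id != expected_entity_id:
        out.append(f"entityID is {entity_id!r}, expected {expected_entity_id!r}")
    for service, method, location in rows:
        if method != "POST":
            out.append(f"{service} uses {method}, expected POST: {location}")
        if urlparse(location).scheme != "https":
            out.append(f"{service} is not served over https: {location}")
    return out
```

Running `findings(SAMPLE)` reports only the logout endpoint, because its binding is HTTP-Redirect rather than HTTP-POST.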
  • Brett CHAMBERS

    Notes regarding Azure AD and the Sign on URL...
    Microsoft states 'This URL contains the sign-in page for the application that will perform the service provider-initiated single sign-on. Leave it blank if you want to perform identity provider initiated single sign-on.'

    In other words, if you want to access Flex by clicking the FlexMAM App under 'Microsoft Apps' (https://myapps.microsoft.com/), then leave this field blank... Don't set any URL for it. Users can still click the Blue Button on the Flex Login page and authenticate via the Azure IdP with no issues. Basically, it appears there's no reason to populate the 'Sign on URL' these days.


