
Set Up Azure AD for Authentication with SAML

Connect applications registered in Azure Active Directory as Cloudentity's Identity Providers so that you can connect a user pool from Azure to Cloudentity.

Prerequisites

Connect Azure AD SAML IDP

  1. Go to Authentication » Providers » Create Connection.

  2. Select the SAML template in Third-Party Providers section and click Next.

    Adding SAML IDP

  3. Provide a name for your SAML IDP – it is used to create the Entity ID.

  4. Use the Entity ID (also a SAML SP Metadata URL) and ACS URL (Assertion Consumer Service URL) values to register Cloudentity as a Service Provider at your IDP.

    Create SAML IDP

    For the most up-to-date instructions, follow the Microsoft documentation for adding an Azure AD SSO integration with the Azure AD SAML Toolkit.

    1. Go to Azure Active Directory.

    2. Select Enterprise Applications » All Applications » New Application.

    3. Search for Azure AD SAML Toolkit, select it from the list, and select Create.

    4. Select Single sign-on from the Manage navigation tree.

    5. Select SAML.

    6. Select Edit in the Basic SAML Configuration and provide:

      • Provide the Entity ID from Cloudentity as the value of the Identifier (Entity ID) field.

      • Provide the ACS URL from Cloudentity as the value of the Reply URL (Assertion Consumer Service URL).

      • Provide the ACS URL from Cloudentity as the value of the Sign on URL.

  5. Copy the App Federation Metadata URL from the SAML Certificates menu.

  6. Back in Cloudentity, provide the App Federation Metadata URL you copied from Azure as the value of the Metadata URL field.

  7. Save.

Next Steps

  1. In Azure, assign users to SAML Application you integrated with Azure.

  2. Add SAML Assertion Schema Attributes Coming from Azure AD IDP.

  3. Map SAML IDP Attributes to Authentication Context Attributes.

  4. Define Outgoing SAML Assertion Attributes Sent to Service Providers.

  5. Add SAML Service Provider.

  6. If the Azure AD SAML IDP you connected enables users to sign into OAuth-based client applications, be sure to map the authentication context parameters (mapped from SAML IDP Assertion Schema Attributes) to Token Claims as well.

Updated: Nov 2, 2023