If you have worked in the SaaS industry in recent years, you are almost certainly familiar with Azure Active Directory (Azure AD). This widely used identity and access management service works seamlessly with Security Assertion Markup Language (SAML), one of the most common federation protocols. This guide explains how the two work together.
Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). Technically, it is an XML-based framework for expressing security assertions: signed statements about a subject (who was authenticated, when, by what method, and with which attributes) that a service provider uses to make access control decisions.
Azure Active Directory (Azure AD) is a cloud-based identity and access management service. It gives employees access to thousands of resources, such as the Azure portal, Microsoft 365, and third-party SaaS applications. Azure AD also integrates with on-premises identity systems such as Windows Server Active Directory, so that applications on corporate networks and intranets remain reachable and the same credentials work for on-premises and cloud-based systems.
Azure AD enables single sign-on (SSO) using a 7-step process, illustrated below. The cloud service (acting as the service provider) sends an AuthnRequest element to Azure AD (acting as the identity provider) using the HTTP Redirect binding. Azure AD then returns a Response element to the cloud service using the HTTP POST binding. Note the asymmetry: the AuthnRequest must arrive over the HTTP Redirect (GET) binding, since Azure AD does not accept it over HTTP POST, while the Response always comes back via POST to the application's reply URL.
Azure AD exposes both tenant-specific and common (tenant-independent) SSO and single sign-out endpoints, for example https://login.microsoftonline.com/{tenant-id}/saml2 and https://login.microsoftonline.com/common/saml2. These URLs are addressable locations, not just identifiers: you can browse to the tenant's federation metadata at https://login.microsoftonline.com/{tenant-id}/federationmetadata/2007-06/federationmetadata.xml and read its SSO and sign-out locations and signing certificates.
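The exchange described above, seen from the service-provider side, as an added example that is not part of the original article and not Microsoft's code: the SP builds an AuthnRequest, wraps it in the HTTP Redirect binding (raw DEFLATE, base64, URL-encode) for the tenant-specific SSO endpoint, and then runs the checks a relying party must apply to the Response that Azure AD POSTs back. The tenant ID, application URLs and the sample Response are constructed for illustration; the Response is unsigned, so the checks shown are the ones that come after signature verification, not a substitute for it.

```python
"""Service-provider side of the Azure AD SAML 2.0 web SSO flow.
Added example, not code from the original article or from Microsoft.
Tenant ID, application URLs and the sample Response are constructed."""
import base64
import re
import secrets
import zlib
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlparse
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree on untrusted XML in production

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

TENANT_ID = "11111111-2222-3333-4444-555555555555"               # constructed tenant ID
SSO_URL = f"https://login.microsoftonline.com/{TENANT_ID}/saml2"  # tenant-specific SSO endpoint
IDP_ISSUER = f"https://sts.windows.net/{TENANT_ID}/"             # issuer Azure AD puts in assertions
SP_ENTITY_ID = "https://app.example.com/saml/metadata"           # the app's Identifier (Entity ID), constructed
ACS_URL = "https://app.example.com/saml/acs"                     # the app's Reply URL, constructed

def new_request_id():
    """SAML IDs are xs:ID values: must start with a letter or underscore, and should be unguessable."""
    return "_" + secrets.token_hex(16)

def build_authn_request(request_id, issue_instant):
    """Step 1: the SP's AuthnRequest. ProtocolBinding names how the *Response* must come back (POST)."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="{request_id}" '
            f'Version="2.0" IssueInstant="{issue_instant}" Destination="{SSO_URL}" '
            f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
            f'AssertionConsumerServiceURL="{ACS_URL}"><saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>'
            f'<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>'
            f'</samlp:AuthnRequest>')

def redirect_binding_url(authn_request_xml, relay_state):
    """Step 2: HTTP Redirect binding = raw DEFLATE, then base64, then URL-encode as SAMLRequest."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: raw deflate, no zlib header
    deflated = comp.compress(authn_request_xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(), "RelayState": relay_state})
    return f"{SSO_URL}?{query}"

def decode_redirect_request(url):
    """What the IdP does on receipt: reverse the Redirect binding to recover the XML."""
    saml_request = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(saml_request), -15).decode()

def parse_ts(s):
    """SAML UTC timestamps; Azure AD may emit fractional seconds, which strptime's %SZ would reject."""
    return datetime.strptime(re.sub(r"\.\d+", "", s), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(saml_response_b64, expected_request_id, now, skew=timedelta(minutes=5)):
    """Steps 6-7: SP checks on the POSTed SAMLResponse form field. Returns failures ([] = accept).
    Only meaningful AFTER a SAML library has verified the XML signature against the signing
    certificate from the tenant's federation metadata; an unsigned document passes every
    check below and must still be rejected."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    failures = []
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        failures.append("status is not Success")
    if root.get("Destination") != ACS_URL:
        failures.append("Destination is not our ACS URL")
    if root.get("InResponseTo") != expected_request_id:
        failures.append("InResponseTo does not match an AuthnRequest we sent (replay or unsolicited)")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return failures + ["no Assertion present"]
    issuers = (root.find("saml:Issuer", NS), assertion.find("saml:Issuer", NS))
    if any(i is None or i.text != IDP_ISSUER for i in issuers):
        failures.append("Issuer is not our tenant's Azure AD issuer")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or now < parse_ts(cond.get("NotBefore")) - skew or now >= parse_ts(cond.get("NotOnOrAfter")) + skew:
        failures.append("assertion is outside its validity window")
    audiences = [a.text for a in assertion.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        failures.append("Audience does not include our Entity ID (assertion issued for another app)")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL or scd.get("InResponseTo") != expected_request_id:
        failures.append("SubjectConfirmationData Recipient/InResponseTo mismatch")
    return failures

def sample_response(request_id):
    """Constructed, unsigned Response in the shape Azure AD returns (real ones carry a ds:Signature)."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1" Version="2.0"
  IssueInstant="2024-01-15T10:00:05.123Z" Destination="{ACS_URL}" InResponseTo="{request_id}">
  <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-15T10:00:05Z">
    <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@contoso.example</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="{request_id}" NotOnOrAfter="2024-01-15T10:05:05Z" Recipient="{ACS_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-15T09:55:05Z" NotOnOrAfter="2024-01-15T11:00:05Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()
```

The request ID is the anti-replay anchor of the whole flow: the SP must store it when it redirects the browser and insist that both the Response's InResponseTo and the SubjectConfirmationData's InResponseTo echo it, then discard it once used. The Audience check is what stops an assertion issued to one of your tenant's applications being accepted by another.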
Azure AD supports the SAML 2.0 web browser single sign-on profile, along with single sign-out. For single sign-out to work correctly, you must explicitly register your application's logout URL with Azure AD when you register the application. If your app comes from the Azure AD application gallery, this value may already be set by default; otherwise, the person who added the app to your Azure AD tenant must determine and set it. After a user signs out, Azure AD redirects them to this LogoutURL.
The Microsoft identity platform uses protocols such as SAML 2.0 to provide a single sign-on (SSO) experience for the users of an application. The SAML protocol lets an identity provider (here, the Microsoft identity platform) and a service provider (the application) exchange data. When developers register an application with Azure AD, they also register federation-related data, including the application's redirect URI and metadata URI.
The Microsoft identity platform reads the cloud service's metadata URI to obtain the application's signing key and logout URI. In the Azure portal, the redirect URIs and related settings of a registered app are managed under Azure Active Directory > App registrations > (your app) > Manage > Authentication.
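The metadata exchange behind the two preceding paragraphs, as an added example that is not part of the original article and not Microsoft's code: one function parses a tenant's federation metadata (a constructed document in the shape Azure AD publishes) to pull out the SSO and sign-out locations and the signing-certificate fingerprints the SP should pin, refusing metadata whose issuer or endpoints belong to a different tenant; the other emits the SP metadata document that Azure AD reads to learn the reply (ACS) URL and logout URL. The tenant ID, application URLs and certificate bytes are constructed placeholders.

```python
"""Metadata exchange between a service provider and an Azure AD tenant.
Added example, not code from the original article or from Microsoft. Tenant ID,
app URLs and the metadata document are constructed; FAKE_CERT_DER is placeholder
bytes, not a real Azure AD signing certificate."""
import base64
import hashlib
import xml.etree.ElementTree as ET  # prefer defusedxml.ElementTree for XML fetched from the network

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

TENANT_ID = "11111111-2222-3333-4444-555555555555"  # constructed
# Where a tenant publishes its metadata (the common endpoint has a tenant-independent twin).
METADATA_URL = f"https://login.microsoftonline.com/{TENANT_ID}/federationmetadata/2007-06/federationmetadata.xml"
FAKE_CERT_DER = bytes(range(64))  # constructed placeholder standing in for a DER certificate

# Constructed document in the shape of Azure AD federation metadata (real ones are much larger).
IDP_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="https://sts.windows.net/{TENANT_ID}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{DS}"><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_CERT_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT_ID}/saml2"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT_ID}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def cert_fingerprint(der):
    """SHA-256 fingerprint of a DER certificate; pin this, and refresh it on key rollover."""
    return hashlib.sha256(der).hexdigest()

def parse_idp_metadata(xml_text, expected_tenant_id):
    """Extract what the SP needs from the tenant's metadata and refuse anything for another tenant."""
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")
    if entity_id != f"https://sts.windows.net/{expected_tenant_id}/":
        raise ValueError(f"issuer {entity_id} is not tenant {expected_tenant_id}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    slo = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleLogoutService", NS)}
    prefix = f"https://login.microsoftonline.com/{expected_tenant_id}/"
    for loc in list(sso.values()) + list(slo.values()):
        if not loc.startswith(prefix):
            raise ValueError(f"endpoint {loc} is not under our tenant")
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # absent 'use' means signing and encryption
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            fingerprints.append(cert_fingerprint(base64.b64decode("".join(cert.text.split()))))
    if not fingerprints:
        raise ValueError("no signing certificate in metadata")
    return {"issuer": entity_id, "sso_redirect": sso.get(REDIRECT),
            "slo_redirect": slo.get(REDIRECT), "signing_cert_sha256": fingerprints}

def build_sp_metadata(entity_id, acs_url, logout_url):
    """The document the SP serves at its metadata URI: Azure AD reads the ACS and logout locations from it."""
    return (f'<EntityDescriptor xmlns="{MD}" entityID="{entity_id}">'
            f'<SPSSODescriptor WantAssertionsSigned="true" '
            f'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'<SingleLogoutService Binding="{REDIRECT}" Location="{logout_url}"/>'
            f'<AssertionConsumerService Binding="{POST}" Location="{acs_url}" index="0" isDefault="true"/>'
            f'</SPSSODescriptor></EntityDescriptor>')
```

Fetch the metadata over TLS from the login.microsoftonline.com host, never from a URL supplied by the application being configured, and treat a change in the signing fingerprints as an event to review rather than silently accept.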
Application management in Azure AD involves creating, configuring, managing, and monitoring cloud-based applications. Assigned users can securely access applications registered in an Azure AD tenant.
Prerequisites:
Here is how you can add an enterprise application to an Azure AD tenant:
After SSO is configured for the application, users can use their Azure AD tenant credentials to sign in to the application.
Here is how you can test the Azure AD SSO configuration:
Frontegg is a self-serve management platform that allows SaaS companies to implement powerful authentication flows with just a few clicks. Among the available options is Security Assertion Markup Language (SAML), which you can implement with multiple identity providers. This saves a lot of development time and allows your teams to focus on core product features.