Setting Up Azure AD as SAML enterprise connection missing steps and getting error

Hi everybody,

I’m trying to set up Azure AD as a SAML enterprise connection in my Auth0 to register the application in the Azure Application Marketplace.

I’m following this guide (Setting up Azure AD as SAML enterprise connection - Auth0 Community), but I have identified some missing steps, and I am still not able to get this communication working. What am I still missing to make it work?

Below I’m adding the steps (replicating the steps in the FAQ link above) and adding the extra steps that I did to stop getting some errors:

Azure setup:

  1. Open portal.azure.com

  2. Go to Azure Active Directory > Enterprise applications > + New Application

  3. Now click + Create your own application

  4. For convenience, put AzureViaSaml under the What’s the name of your app?

  5. Under What are you looking to do with your application? select the Integrate any other application you don’t find in the gallery (Non-gallery) and click Create

  6. Now click Single sign-on in the left pane and under Select a single sign-on method select SAML

  7. In the 1. Basic SAML Configuration box click Edit

  8. Under Identifier (Entity ID) set up identifier as per this example: urn:auth0:your-auth0-domain:connection-name

  • Note, that the connection doesn’t exist in Auth0 at this point, so you can choose any name. In this example let’s name the connection AzureViaSaml. So the resulting identifier will be urn:auth0:myDomain:AzureViaSaml

  • Don’t include the full tenant URL in the Identifier, just the tenant name. It shouldn’t be urn:auth0:myDomain.us.auth0.com:AzureViaSaml

  9. Set the Reply URL (Assertion Consumer Service URL) to https://myDomain.region*.auth0.com/login/callback?connection=AzureViaSaml, or https://myDomain.auth0.com/login/callback?connection=AzureViaSaml if your tenant was created before 11 June 2020.
    • Region could be us, au, eu, jp. E.g.: myDomain.us.auth0.com
  10. Click Save

  11. In the 3. SAML Signing Certificate box click Download next to Certificate (Base64)

  12. In the 4. Set up AzureViaSaml box copy the Login URL. It will look like https://login.microsoftonline.com/xxx/saml2

  13. In the created Enterprise Application go to Manage > Users and Groups and click on Add user/group to add a user to allow you to test in further steps

  14. Now let’s move to the Auth0 setup

Auth0 Setup:

  1. Go to Dashboard > Authentication > Enterprise > SAML > + Create connection

  2. Set the name to AzureViaSaml

  3. Set the Sign In URL and the Sign Out URL value to the link you copied in Step 12 in Azure setup (e.g. https://login.microsoftonline.com/xxx/saml2 )

  4. Upload the X509 Signing Certificate that you downloaded from Azure in Step 11

  5. Click Create

  6. Go on IdP-Initiated SSO, select Accept Requests, select the Default Application and the Response Protocol

  7. Go to the Applications tab, and toggle on the application that you need to allow users to use the SAML enterprise connection

Launch your application and try the connection. You can also go to Dashboard > Authentication > Enterprise > SAML, click the three dots next to the connection you just created and select Try.

Explanations and related doubts:

I added step 13 in the Azure setup after getting an error when trying to test the integration. It is necessary to have a user authorized in the Enterprise application.

I added step 7 in the Auth0 setup after getting the error “invalid_request : IdP-Initiated login is not enabled for connection “AzureViaSaml”.” when trying to test the integration. I selected my SPA Application as “Default Application”, and for Response Protocol I am in doubt which one I should select: OpenID Connect, SAML or WS-Fed?

I added step 8 in the Auth0 setup after getting the error " invalid_request : The connection with name: “AzureViaSaml” (my-tenant - code) was not found."

Now I’m stuck because after trying to test the connection I got the following page redirection:

https://localhost:4200/?error=access_denied&error_description=Audience%20is%20invalid.%20Configured%3A%20urn%3Aauth0%3my-tenant%3AAzureViaSaml

What should I do now? What is the step to finish this connection and get it working?

Best Regards
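The "Audience is invalid" redirect above means the Audience value Azure AD put in the SAML assertion does not equal the entity ID the Auth0 connection expects (urn:auth0:your-tenant:connection-name). The quickest way to see the mismatch is to decode the SAMLResponse form field from the browser's network tab and compare its Audience and Destination against what the connection is configured with. The script below is an added example, not code from the original post or from Auth0 or Microsoft; the SAML response it parses is a constructed sample that reproduces the mistake the guide warns about (the full tenant host in the Identifier instead of just the tenant name). It is a diagnostic only and does not verify the XML signature, which Auth0 does separately with the uploaded certificate.

```python
import base64
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces used by Azure AD responses
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample response. The Audience carries the full tenant host,
# which is the wrong form for an Auth0 connection identifier.
SAMPLE_RESPONSE_XML = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-response-1" Version="2.0" IssueInstant="2024-01-30T00:08:00Z"
    Destination="https://myDomain.us.auth0.com/login/callback?connection=AzureViaSaml">
  <saml:Issuer>https://sts.windows.net/PLACEHOLDER-TENANT-ID/</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_constructed-assertion-1" Version="2.0" IssueInstant="2024-01-30T00:08:00Z">
    <saml:Issuer>https://sts.windows.net/PLACEHOLDER-TENANT-ID/</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-30T00:03:00Z" NotOnOrAfter="2024-01-30T01:08:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>urn:auth0:myDomain.us.auth0.com:AzureViaSaml</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# The browser posts the response base64-encoded in the SAMLResponse field.
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()

# Values the Auth0 connection is configured with (from the guide's example)
EXPECTED_AUDIENCE = "urn:auth0:myDomain:AzureViaSaml"
EXPECTED_ACS = "https://myDomain.us.auth0.com/login/callback?connection=AzureViaSaml"


def decode_saml_response(encoded: str) -> ET.Element:
    """Base64-decode a SAMLResponse form value and parse it as XML."""
    return ET.fromstring(base64.b64decode(encoded))


def audience_check(root: ET.Element, expected: str):
    """Return (ok, audiences): whether the expected entity ID appears in
    any AudienceRestriction of the assertion, plus every value found."""
    audiences = [
        a.text.strip()
        for a in root.findall(".//saml:AudienceRestriction/saml:Audience", NS)
        if a.text
    ]
    return expected in audiences, audiences


def destination_check(root: ET.Element, expected_acs: str):
    """Return (ok, destination): whether the Response Destination matches
    the Reply URL (ACS) configured on the Azure side."""
    destination = root.get("Destination")
    return destination == expected_acs, destination


def diagnose(encoded: str, expected_audience: str, expected_acs: str):
    """Explain every mismatch between the response and the connection config."""
    root = decode_saml_response(encoded)
    findings = []
    ok, audiences = audience_check(root, expected_audience)
    if not ok:
        findings.append(
            f"Audience mismatch: assertion says {audiences}, "
            f"connection expects {expected_audience!r}. Set the Azure "
            "Identifier (Entity ID) to urn:auth0:<tenant-name>:<connection-name> "
            "using the tenant name only, not the full tenant host."
        )
    ok, destination = destination_check(root, expected_acs)
    if not ok:
        findings.append(
            f"Destination mismatch: response is addressed to {destination!r}, "
            f"the connection's ACS is {expected_acs!r}."
        )
    return findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE_RESPONSE_B64, EXPECTED_AUDIENCE, EXPECTED_ACS):
        print(line)
```

Run against the sample, it reports the audience mismatch and nothing else, because the Reply URL in the sample already matches the ACS; against a real response captured from the network tab, replace the two EXPECTED_* values with the ones from your own Auth0 connection.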

@thiago.aragao , did you find an answer to your questions? I went through nearly an identical path as you and have a different error, but may be related.

Request Id: 03f5c33f-7c59-46ad-85a9-5ff957324e00
Correlation Id: a2055e3a-7151-4591-a045-bfb4323534be
Timestamp: 2024-01-30T00:08:00Z
Message: AADSTS20012: An error occurred when we tried to process a WS-Federation message. The message was invalid, malformatted, or contains potentially dangerous characters.