Setting up Azure AD as SAML enterprise connection

Last Updated: Sep 30, 2024

Overview

This article details how to set up Azure AD as an enterprise connection in Auth0 using SAML, which gives the flexibility of a generic SAML connection.

Applies To

  • Azure AD
  • SAML Enterprise Connection

Solution

Follow the steps or video below:

Azure setup:

  1. Open portal.azure.com.
  2. Go to Azure Active Directory > Enterprise applications > + New Application.
  3. Now click + Create your own application.
  4. For convenience, put AzureViaSaml under the What’s the name of your app?.
  5. Under What are you looking to do with your application? select the Integrate any other application you don’t find in the gallery (Non-gallery) and click Create.
  6. Now click Single sign-on in the left pane, and under Select a single sign-on method, select SAML.
  7. In the 1. Basic SAML Configuration box, click Edit.
  8. Under Identifier (Entity ID), set up the identifier as per this example: urn:auth0:tenant-name:connection-name.
  • NOTE: The connection doesn’t exist in Auth0 at this point, so choose any name. In this example, let’s name the connection AzureViaSaml. The resulting identifier will be urn:auth0:my-tenant:AzureViaSaml
  • Do not include the full tenant domain in the Identifier, just the tenant name. It should not be urn:auth0:my-tenant.us.auth0.com:AzureViaSaml
  9. Set the Reply URL (Assertion Consumer Service URL) to https://myDomain.region*.auth0.com/login/callback, or https://myDomain.auth0.com/login/callback if the tenant was created before 11 June 2020.
  • Region could be us, au, eu, jp. E.g., myDomain.us.auth0.com
  10. Click Save.
  11. In the 3. SAML Signing Certificate box, click Download next to Certificate (Base64).
  12. In the 4. Set up AzureViaSaml box, copy the Login URL. It will look like https://login.microsoftonline.com/xxx/saml2
  13. Complete the Auth0 Setup.

Auth0 Setup:

  1. Go to Dashboard > Authentication > Enterprise > SAML > + Create connection.
  2. Set the name to AzureViaSaml.
  3. Set the Sign In URL and the Sign Out URL value to the link copied in Step 12 in Azure setup (e.g., https://login.microsoftonline.com/xxx/saml2).
  4. Upload the X509 Signing Certificate that was downloaded from Azure in Step 11.
  5. Click Create.
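As an added check (example code written for this article, not Auth0's or Microsoft's own), the Python helper below derives the Identifier and Reply URL from a tenant name, region and connection name, and flags the mistakes the steps above warn about: a tenant domain inside the Identifier, and a Sign In URL that is not the https login.microsoftonline.com/<tenant-id>/saml2 form. The region list and the <tenant-id>/saml2 path shape are assumed from the examples in the article.

```python
"""Derive and sanity-check the Azure AD / Auth0 SAML connection values.
Constructed example; the region list and URL shapes follow the article."""
import re
from typing import List, Optional
from urllib.parse import urlparse

AUTH0_REGIONS = {"us", "au", "eu", "jp"}  # regions named in the article


def entity_id(tenant_name: str, connection_name: str) -> str:
    """Identifier (Entity ID) for the Azure app: urn:auth0:<tenant>:<connection>.
    Only the tenant name goes in, never the full tenant domain."""
    if "." in tenant_name:
        raise ValueError("use the tenant name only, not the tenant domain")
    return f"urn:auth0:{tenant_name}:{connection_name}"


def reply_url(tenant_name: str, region: Optional[str] = None) -> str:
    """Reply URL (ACS URL). Tenants created after 11 June 2020 carry a region."""
    if region is None:
        return f"https://{tenant_name}.auth0.com/login/callback"
    if region not in AUTH0_REGIONS:
        raise ValueError(f"unknown region {region!r}")
    return f"https://{tenant_name}.{region}.auth0.com/login/callback"


def check_identifier(identifier: str) -> List[str]:
    """Problems with a user-typed Entity ID (empty list means it looks right)."""
    problems: List[str] = []
    m = re.fullmatch(r"urn:auth0:([^:]+):([^:]+)", identifier)
    if not m:
        return ["identifier must be urn:auth0:<tenant>:<connection>"]
    if "." in m.group(1):  # e.g. my-tenant.us.auth0.com slipped in
        problems.append("tenant part contains a domain; use the tenant name only")
    return problems


def check_login_url(url: str) -> List[str]:
    """Sign In / Sign Out URL copied from Azure should be
    https://login.microsoftonline.com/<tenant-id>/saml2."""
    p = urlparse(url)
    problems: List[str] = []
    if p.scheme != "https":
        problems.append("login URL must use https")
    if p.hostname != "login.microsoftonline.com":
        problems.append("login URL host is not login.microsoftonline.com")
    if not re.fullmatch(r"/[^/]+/saml2", p.path or ""):
        problems.append("login URL path should be /<tenant-id>/saml2")
    return problems
```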

Testing the connection:

Azure Setup:

  1. Click on Users and groups in the left pane of the Enterprise Application.
  2. Click on Add user/group.
  3. Select the Users to be assigned to this Application.


Auth0 Setup:

  1. Under Dashboard > Authentication > Enterprise > SAML, select the Connection.
  2. On the Applications tab, assign an Application to this Connection.

Launch the application and try the connection. Another option is to navigate to Dashboard > Authentication > Enterprise > SAML, click the three dots next to the connection just created, and select Try.


Great write up! For anyone looking for Azure AD SAML mappings and how to set them up after getting the connections created, see this post: https://community.auth0.com/t/mapping-custom-attributes-from-a-custom-azure-ad-saml-connection-to-auth0/116744