Configure Azure Active Directory as the Identity Provider (IDP) (2024)

Procedure

1. Sign in to the Azure portal.

   
   

2. In the navigation pane, select Azure Active Directory, and then select Enterprise applications.

   The Enterprise applications – All applications page appears.

   
   

   See Also

   What is SAML and How Does it Work?Frequently asked questions (FAQ) about Microsoft Entra, Microsoft Entra ID, and Azure - Microsoft EntraSAML vs SSO - What's the Difference (Authentication Protocols)How Active Directory SSO Works
3. Select New application.

   The Add an application section appears.

   
   

4. Select Non-gallery application.

   The Add your own application section appears.

   
   

5. In the Name box, enter a name for the application that you want to configure with Azure AD, and then select Add.

   The page of the added application appears.

   See Also

   Enable single sign-on for an enterprise application - Microsoft Entra ID

6. In the navigation pane of the application page, select Single sign-on.

   The Select a single sign-on method section appears.

   
   

7. Select SAML.

   The Set up Single Sign-On with SAML section appears.

   
   

8. In the Basic SAML Configuration section, select .

   The Basic SAML Configuration window appears.

   
   

9. Enter the following details.

   Identifier (Entity ID)	Enter a unique ID. Note: This ID will be used in the saml.config file for the service provider name. Therefore, note the ID.
   Reply URL (Assertion Consumer Service URL)	The application callback URL where the response will be posted. Enter https://<app_server>/Meridium/api/core/security/ssologinauth.
   Sign on URL	The application URL, which initiates the same sign-on. Enter https://<app_server>/meridium/index.html.

10. Select Save.
11. In the SAML Signing Certificate section, select Download corresponding to Certificate (Base 64).
12. From the Set up <user name>- sso section, note the Login URL and Azure AD Identifier.

    Note: The Login URL and Azure AD Identifier will be used in the saml.config file for SingleSignOnServiceURL and PartnerIdentityProvider name, respectively.

13. In the application server, copy the downloaded Certificate (Base 64) to C:\Program Files\Meridium\ApplicationServer\api.
14. Modify the saml.config file as follows:
    • ServiceProvider Name with the value that you entered and noted for the Identifier (Entity ID) box.
    • PartnerIdentityProvider Name with the Azure AD Identifier.
    • SingleSignOnServiceURL with the Login URL.

    
    

15. Add users to the enterprise application by accessing the Users and groups section.
16. Modify the host page with the IDP URL.