Tip of the Day: SaaS App Sign-On using Azure AD creds

Today’s (Cloud) Tip…

When setting up federation for a SaaS app with Azure AD, some SaaS apps can initiate authentication themselves. This means that when you sign in to the SaaS app, it redirects the authentication to the identity provider, which in our case is Azure AD.

For example, if you have set up single sign-on federation with Salesforce, you can go to the Salesforce sign-in page and enter your Azure Active Directory credentials.

In order for this to work, the SaaS apps may need additional configuration and may ask for the login/logout URI.

Each SaaS app may use a different name for this setting. Here are some examples of what it may be called:

  • Identity Provider Login/Logout URI
  • Identity Provider Logon/Logout URI
  • Single Sign-On Login/Logout URI
  • Single Sign-On Logon/Logout URI

In any case, you will set this login/logout URI to the following value…

https://login.windows.net/<yourVerifiedDomain>/FederationMetadata/2007-06/FederationMetadata.xml

Note: <yourVerifiedDomain> is any verified domain within your Azure AD tenant.

For example, you could use contoso.onmicrosoft.com or contoso.com.
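Before pasting the value into a SaaS app, it helps to build the URL from a validated domain and to review what the metadata document advertises. The following is an added example, not part of the original tip: the function names and the sample XML are constructed, and it assumes the document carries a standard SAML 2.0 `IDPSSODescriptor`.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
# Plain DNS name only, so the placeholder cannot smuggle a path, query or port.
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def metadata_url(verified_domain: str) -> str:
    """Build the metadata URL from the tip for one verified domain."""
    domain = verified_domain.strip().lower()
    if not _DOMAIN_RE.match(domain):
        raise ValueError(f"not a plain DNS domain: {verified_domain!r}")
    return f"https://login.windows.net/{domain}/FederationMetadata/2007-06/FederationMetadata.xml"

def idp_endpoints(metadata_xml: str) -> dict:
    """Return the IdP login/logout Location URLs listed in the metadata."""
    if "<!DOCTYPE" in metadata_xml.upper():  # refuse DTDs (entity-expansion tricks)
        raise ValueError("DOCTYPE not allowed in metadata")
    root = ET.fromstring(metadata_xml)
    found = {}
    for key, tag in (("login", "SingleSignOnService"), ("logout", "SingleLogoutService")):
        nodes = root.findall(f".//md:IDPSSODescriptor/md:{tag}", MD_NS)
        found[key] = [n.get("Location") for n in nodes]
    return found

def suspicious_endpoints(endpoints: dict, allowed_hosts: set) -> list:
    """Endpoints that are not HTTPS or not on a host you expect."""
    bad = []
    for url in endpoints["login"] + endpoints["logout"]:
        parts = urlparse(url or "")
        if parts.scheme != "https" or parts.hostname not in allowed_hosts:
            bad.append(url)
    return bad

# Constructed sample, not real tenant metadata; the last entry is deliberately http.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sts.example.test/TENANT-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.windows.net/TENANT-PLACEHOLDER/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.windows.net/TENANT-PLACEHOLDER/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://login.windows.net/TENANT-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(metadata_url("contoso.onmicrosoft.com"))
    print(suspicious_endpoints(idp_endpoints(SAMPLE), {"login.windows.net"}))
```

For metadata fetched over the network, parse it with a hardened XML parser such as `defusedxml` rather than relying on the DOCTYPE check alone.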