Tags: azure, azure-active-directory, saml-2.0, microsoft-entra-id

How to enable SAML as authentication provider in MS Entra?


I've built a web application which should support SSO, so the users can log in to my app using their company account. The company uses MS Active Directory and the company requires us to use SAML2. For testing purposes I created my own application in the MS Entra Admin panel. I followed this tutorial https://knowledgebase.businessmap.io/hc/en-us/articles/115004167265-How-to-Set-Up-SAML-Single-Sign-%D0%9En-with-Microsoft-Entra-ID but when I choose my app under "Enterprise applications" I don't see the SAML button.

I'm not sure if SAML should work out of the box. When I try to log in using SAML, the endpoint seems to be active but I get the following message: AADSTS7500511: XML attribute 'AssertionConsumerServiceURL' in the SAML message must be a URI. I googled and some answers refer to a missing value in the SAML config in the admin panel.


Solution

  • I created a Microsoft Entra ID application in the App registrations blade, and in Enterprise applications there was no SAML option to enable:

    I got the same issue.

    Note that selecting the "Register an application to integrate with Azure AD (App you're developing)" option integrates with Azure AD and allows you to use the OIDC standard for SSO.

    • The application created in the App registrations blade also uses the OIDC standard for SSO.

    To enable SAML single sign-on, you need to create the application in the Enterprise applications blade:

    Go to Azure Portal -> Enterprise Applications -> Create your own application -> Integrate any other application you don't find in the gallery (Non-gallery) -> Create

    You can also see this application in the App registrations blade:

    Make sure the user is added in the users and groups blade of the application:

    Configure the values and test the application:

    Reference:

    Allow to select SAML sign-on method for existing Azure enterprise application - Stack Overflow by me
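As an added example (not part of the question or the answer above): a small Python script that builds the SP-initiated SAML AuthnRequest and checks its values against the Basic SAML Configuration of the enterprise application (Identifier and Reply URL), so the non-URI AssertionConsumerServiceURL behind AADSTS7500511 is caught before the request is sent to Entra. The SP URLs, the tenant ID and the Entra login URL are constructed placeholders.

```python
import uuid
import datetime
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def is_absolute_uri(value):
    # Entra answers AADSTS7500511 when AssertionConsumerServiceURL is not a URI:
    # require a scheme, a host and no whitespace ("/saml/acs" or "app/acs" fail).
    parts = urlparse(value)
    return bool(parts.scheme) and bool(parts.netloc) and not any(c.isspace() for c in value)

def build_authn_request(sp_entity_id, acs_url, idp_sso_url):
    """Build the SP-initiated AuthnRequest posted to the Entra SAML login URL."""
    if not is_absolute_uri(acs_url):
        raise ValueError(f"AssertionConsumerServiceURL must be an absolute URI: {acs_url!r}")
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,  # xs:ID must not start with a digit
        "Version": "2.0",
        "IssueInstant": datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "ProtocolBinding": HTTP_POST,
        "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = sp_entity_id
    return ET.tostring(root, encoding="unicode")

def check_authn_request(xml_text, entra_identifier, entra_reply_url):
    """Compare an AuthnRequest with the Identifier (Entity ID) and Reply URL set in the
    enterprise application. Returns a list of problems; an empty list means they line up."""
    root = ET.fromstring(xml_text)
    problems = []
    acs = root.get("AssertionConsumerServiceURL", "")
    if not is_absolute_uri(acs):
        problems.append("AssertionConsumerServiceURL is not a URI (AADSTS7500511)")
    elif acs != entra_reply_url:
        problems.append("AssertionConsumerServiceURL does not match the Reply URL")
    if root.findtext(f"{{{SAML}}}Issuer", "") != entra_identifier:
        problems.append("Issuer does not match the Identifier (Entity ID)")
    return problems

if __name__ == "__main__":
    # Constructed values: replace TENANT_ID_PLACEHOLDER with the tenant ID from the portal.
    login_url = "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/saml2"
    req = build_authn_request("https://app.example.com/saml/metadata",
                              "https://app.example.com/saml/acs", login_url)
    print(check_authn_request(req, "https://app.example.com/saml/metadata",
                              "https://app.example.com/saml/acs"))
```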