Microsoft SSO using SAML

Instructions for setting up Microsoft SSO using SAML

Setting up Microsoft as a SAML Identity Provider (IdP) involves configuring Azure Active Directory (Azure AD), now called Microsoft Entra ID. Here is a step-by-step guide to help you through the process:

Step 1: Configure Azure AD

  1. Create an Enterprise Application in Azure AD:
    • Sign in to the Azure portal.
    • Go to "Microsoft Entra ID" -> "Enterprise applications" -> "New application".
    • Choose "Create your own application", give it a name, and select "Integrate any other application you don't find in the gallery (Non-gallery)".
  2. Allow Access to the Enterprise Application:

    There are two options:

    1. Restrict access to specific users/groups
      • After creating the application, go to the "Users and groups" section.
      • Click "Add user/group".
      • Assign the users/groups that should be able to use single sign-on; only assigned users can sign in through this application.
    2. Allow access to all users/groups
      • After creating the application, go to the "Properties" section.
      • Toggle "Assignment required?" to No. Every user in the tenant can then sign in through this application.
  3. Set up Single Sign-On (SSO):
    • After creating the application, go to the "Single sign-on" section.
    • Select "SAML".
  4. Basic SAML Configuration:
    • In the "Basic SAML Configuration" section, click "Edit".
    • Set "Identifier (Entity ID)" to the Entity ID of your IdP. Typically, this is https://auth.byos.network/realms/<realm-name>.
    • Set "Reply URL (Assertion Consumer Service URL)" to https://auth.byos.network/realms/<realm-name>/broker/microsoft/endpoint.
    • Fill in other required fields if necessary, and save the configuration.
  5. SAML Metadata:
    • In the "SAML Signing Certificate" section, download the "Federation Metadata XML".
    • Provide Byos with your "Federation Metadata XML" file.