Using External Identities with Azure AD and SAML for B2B Apps

Рет қаралды 7,736

3 жыл бұрын

Azure AD in addition to providing external identities with social logins can also do logins for B2B apps using popular protocols like SAML and WS-Fed. This allows for Business-to-Business applications to use external authentication (relying party trust) for applications inside an AD Tenant. In this video, we'll show you how to set this up with Azure AD and integrate it with AD FS as an external IDP.
Use External Identity Providers (such as Facebook & Google) with Azure AD/Web Apps: • Use External Identity ...
Authenticating App Users with Azure Active Directory: • Authenticating App Use...
AD FS Metadata URL: YOURHOSTNAME/federationmetadata/2007-06/federationmetadata.xml
MS Metadata URL: nexus.microsoftonline-p.com/f...
Persistent Identifier Claim: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
Twitter:
Blaize: / theonemule
Wintellect: / wintellect
WintellectNOW: / wintellectnow
Wintellect:
WintellectNow: www.wintellectnow.com
Blaize: www.blaize.net

Пікірлер: 15

@yomyomcam 2 жыл бұрын

This is the holy grail. thanks a lot for sharing!

@ojanajibon 7 ай бұрын

Thanks for the detailed video. One point is not clear, how Azure AD identifies external Identity Provider Server endpoint to validate whether the user is already authenticated in B2B application?

@gelmera 3 жыл бұрын

Very good but Microsoft product still very limited it doesn't pull in any of the external IDP user information. A lot of SAML application require first name last name, department, manager, etc... but the production still doesn't support pulling that info in on user invite.

@Atmosera- 3 жыл бұрын

For Azure AD, it is . For a more robust solution for forward facing apps, I'd look at Azure AD B2C.

@gosconsultingoy7672 3 жыл бұрын

Definitely checked my mail at 5:15

@Devrony 2 ай бұрын

I am trying to figure out to how access or map SAML attributes from the external IdP to the access token issued by my custom Azure. Do the SAML attributes get mapped automatically over to the access token?

@Devrony 2 ай бұрын

I meant to say my custom Azure App.

@Gr8dane85 Жыл бұрын

What about when Azure assumes the role as Relaying Party trust?.

@Atmosera- Жыл бұрын

It should federate, depending on what you are doing.

@irfandanish4091 2 жыл бұрын

I appreciate you. Its very beneficial for me. But i just want to know how can i integrate adfs without user invitation.?

@Atmosera- 2 жыл бұрын

For an Enterprise App, you can choose "Provision User Accounts" for that application if you're using SAML. For external identities, They'd have to be imported into AD first. It's possible, but invitations are generally preferable.

@irfandanish4091 2 жыл бұрын

@@Atmosera- Thanks for your kind response. One more thing i want to know how can we setup adfs with azure ad as saml without adding guest users IN Azure ad?

@Atmosera- 2 жыл бұрын

@@irfandanish4091 ADFS is more for federation. You will have to include users at some level so Azure AD can maintain the permissions in the app. So I don't know that it's possible not to have these.