I’m fairly new to the Azure ecosystem and constantly learning new things about its architecture, so please forgive me if I’m using incorrect terminology.
Our company offers a SAML-based SSO and Azure is one of the Identity Providers we support.
Currently, we ask our customers to register a non-gallery, enterprise app in their Azure AD Directory and to configure SSO manually. This involves uploading the encryption certificate that we provide, as well as setting SAML endpoints and attribute mappings correctly. Since it’s a multi-step process, it’s very prone to human error and we’re looking for ways to make it simpler, faster and less painful.
Ideally, we’d want to pre-package as much of this configuration as possible and make it available for the clients with Azure AD - for reference, OneLogin’s App catalog or Okta’s Okta Integration Network (OIN) serve a similar purpose.
If I understand correctly, Azure has the Microsoft Azure Marketplace, which would be suitable for the task - we’d be showing our app in the app gallery.
We registered as partners in Microsoft Partner Center and created an offer with a Solution Template plan, as only the tenant should have access to the app.
In the Technical configuration section of the offer, we need to provide an ARM template JSON file as well as a UI configuration. I tried crafting an appropriate ARM template that would create an App registration with SSO configuration, but without luck. Then I stumbled upon this feature request and realised our intended approach might not work, as ARM templates don’t support the creation of App registrations.
Is our approach described above viable?
If so, I’d appreciate any advice on how to do it.
If not, what are the alternatives?
Stay healthy and safe!
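To give the manual configuration in the post a concrete shape, here is an added example (mine, not the poster's) that expresses the same settings the customers currently type in by hand as Microsoft Graph requests, the route that remains where ARM templates stop at App registrations. The non-gallery template id, the payload field names and the sample URLs and certificate bytes are assumptions taken from my reading of the Graph documentation, not from the post; check them against the current docs before handing a script like this to a customer.

```python
"""Constructed example: Graph calls that set a non-gallery app's SAML values
(Entity ID, ACS/reply URL, encryption cert, attribute map). Placeholder inputs."""
import base64
import json
import uuid

GRAPH = "https://graph.microsoft.com/v1.0"
# Assumed: the application template id Microsoft documents for non-gallery apps.
NON_GALLERY_TEMPLATE = "8adf8e6e-67b2-4cf2-a259-e3dc5476c621"

def instantiate_call(display_name):
    """Step 1: create the app registration and service principal in the tenant."""
    return ("POST", f"{GRAPH}/applicationTemplates/{NON_GALLERY_TEMPLATE}/instantiate",
            {"displayName": display_name})

def saml_endpoints_call(app_id, entity_id, acs_url):
    """Identifier (Entity ID) and Reply URL (ACS) live on the application object."""
    return ("PATCH", f"{GRAPH}/applications/{app_id}",
            {"identifierUris": [entity_id], "web": {"redirectUris": [acs_url]}})

def sso_mode_call(sp_id, sign_on_url):
    """Switch the service principal to SAML-based single sign-on."""
    return ("PATCH", f"{GRAPH}/servicePrincipals/{sp_id}",
            {"preferredSingleSignOnMode": "saml", "loginUrl": sign_on_url})

def encryption_cert_call(app_id, cert_der):
    """Upload the SP's token-encryption certificate (DER bytes) and make it the active key."""
    key_id = str(uuid.uuid4())
    cred = {"keyId": key_id, "type": "AsymmetricX509Cert", "usage": "Encrypt",
            "key": base64.b64encode(cert_der).decode(), "displayName": "SP encryption"}
    return ("PATCH", f"{GRAPH}/applications/{app_id}",
            {"keyCredentials": [cred], "tokenEncryptionKeyId": key_id})

def claims_policy_call(attribute_map):
    """Attribute mappings as a claims-mapping policy; 'definition' holds a JSON string."""
    schema = [{"Source": "user", "ID": src, "SamlClaimType": claim}
              for claim, src in attribute_map.items()]
    policy = {"ClaimsMappingPolicy": {"Version": 1, "IncludeBasicClaimSet": "true",
                                      "ClaimsSchema": schema}}
    return ("POST", f"{GRAPH}/policies/claimsMappingPolicies",
            {"definition": [json.dumps(policy)], "displayName": "SP attribute map"})

def build_plan(app_id, sp_id, cfg):
    """Ordered (method, url, body) calls to send with an admin Graph token after step 1."""
    return [saml_endpoints_call(app_id, cfg["entity_id"], cfg["acs_url"]),
            sso_mode_call(sp_id, cfg["sign_on_url"]),
            encryption_cert_call(app_id, cfg["cert_der"]),
            claims_policy_call(cfg["attributes"])]
```

The ids in `build_plan` come from the response to `instantiate_call`, and the created claims policy still has to be linked to the service principal via `servicePrincipals/{id}/claimsMappingPolicies/$ref`, which needs the policy id from the POST response.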