Hello:
We need to set up our internal app for SAML, so we thought about using Azure AD as the IdP. My question on Azure AD is: can we define the internal FQDN of the server under Identifier and Reply URL, since it will be SP-initiated SSO?
Thanks

Hi @DomEth-1666, you can, as long as the Reply URL is reachable, because Azure AD will redirect you to the Reply URL after successful authentication. If you use a non-routable FQDN such as example.local, it will not work over the internet, but if you are inside the corp. network or connected via VPN and your internal DNS can resolve the name, you will be able to use it.
Read more:
Identifier: Uniquely identifies the application. Azure AD sends the identifier to the application as the Audience parameter of the SAML token. The application is expected to validate it. This value also appears as the Entity ID in any SAML metadata provided by the application. Enter a URL that uses the following pattern: 'https://.contoso.com' You can find this value as the Issuer element in the AuthnRequest (SAML request) sent by the application.
Reply URL: It is also referred to as the Assertion Consumer Service (ACS) URL. You can use the additional reply URL fields to specify multiple reply URLs. For example, you might need additional reply URLs for multiple subdomains. Or, for testing purposes, you can specify multiple reply URLs (localhost and public URLs) at one time.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
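As an added example (not from the answer above or from Microsoft), here is the SP-side check the docs say the application is expected to do: the assertion's Audience must equal the Identifier (Entity ID), and the response's Destination and the SubjectConfirmationData Recipient must equal the Reply URL (ACS), so a response meant for another registration is rejected. The internal hostname, entity ID and ACS path are assumptions, the SAML response is a constructed sample, and the XML signature verification that a real SAML library performs before these checks is omitted.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample of the response Azure AD would POST to the ACS URL.
# Signature omitted; the Entity ID and ACS URL use an internal FQDN
# (hypothetical host app.corp.local) as in the question above.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://app.corp.local/saml/acs">
  <saml:Assertion>
    <saml:Subject>
      <saml:SubjectConfirmation>
        <saml:SubjectConfirmationData Recipient="https://app.corp.local/saml/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://app.corp.local</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_audience_and_acs(response_xml, entity_id, acs_url):
    """Return a list of problems; an empty list means Audience, Destination and
    Recipient all match what this SP registered in Azure AD.
    Run only after the XML signature has been verified."""
    root = ET.fromstring(response_xml)
    problems = []
    # Destination on the Response must be our Reply URL (ACS).
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the Reply URL (ACS)")
    # Audience in the assertion must be our Identifier (Entity ID).
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not match the Identifier (Entity ID)")
    # Recipient in SubjectConfirmationData must also be our ACS URL.
    for scd in root.findall(".//saml:SubjectConfirmationData", NS):
        if scd.get("Recipient") != acs_url:
            problems.append("Recipient does not match the Reply URL (ACS)")
    return problems
```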