Creating Your Own SSO Application with Azure Active Directory
As I’m writing this, there are over 2,500 pre-federated applications available in the Azure AD Gallery. But what if yours isn’t in there? No sweat.
Log in to your Azure subscription and navigate to Azure Active Directory. From there, add an application. You’ll want to choose the middle option to create one from the gallery.
You have the ability to search through the gallery for applications or, if you know it’s not in there, just choose the ‘custom’ option as highlighted and enter the name that you want to appear in the https://myapps.microsoft.com portal for your users.
Once added, choose the “configure SSO” option.
In our case the application just requires a username and a password so we’ll choose the “password SSO” option. In our example we are going to pre-populate the credential so that all users would use the same login to sign in. You of course have the option to allow the users to self-service that credential as well.
The next step is to provide the URL to the sign-in page.
Now AAD will want to ‘capture’ the login fields for us. Click the “click to sign-in” link and it will open the web page where you will then place your cursor into the username field and enter a credential. Your credential is not stored here; AAD is just using it to verify the appropriate fields.
Click on the username field and enter a credential. Do the same for the password, then log in.
AAD will ask you to save the login details.
Now you’re back in the Azure portal where you will click the ‘sign-in succeeded’ check box and continue on.
On the next page you have the option to view the fields that were captured.
Now you’ll want to assign users access to the application in Azure AD. Pretty straightforward here. As I mentioned, in my scenario I’m going to pre-populate a credential that all users will use when they access the application.
Now when my users access the MyApps portal (https://myapps.microsoft.com), they’ll see the custom application available to them. When they click on it, they will be signed in using the credential the Azure administrator defined in the previous step.
A few advanced options are available if you go into the ‘configure’ tab.
You can do things like:
- Add a custom logo
- Configure MFA on a per-application basis
- Allow your users to self-service their own access to your custom application