Configure a SAML 2.0 provider for portals

To provide external authentication, you can add one or more SAML 2.0–compliant identity providers. This article describes how to set up various identity providers to integrate with a portal that acts as a service provider.

Note

Changes to the authentication settings might take a few minutes to be reflected on the portal. Restart the portal by using portal actions if you want the changes to be reflected immediately.

To configure a SAML 2.0 provider

  1. Select Add provider for your portal.

  2. For Login provider, select Other.

  3. For Protocol, select SAML 2.0.

  4. Enter a provider name.

    Provider name.

  5. Select Next.

  6. Create the application and configure the settings with your identity provider.

    Create a SAML 2.0 application.

  7. Enter the following site settings for portal configuration.

    Configure SAML 2.0 site settings.

    Note

    Ensure that you review—and if required, change—the default values.

    Name Description
    Metadata address The SAML 2.0 identity provider metadata file location.
    Example (Azure AD): https://login.microsoftonline.com/7e6ea6c7-a751-4b0d-bbb0-8cf17fe85dbb/federationmetadata/2007-06/federationmetadata.xml
    Authentication type The Entity Id value that specifies a globally unique name for the SAML 2.0 identity provider.
    Example (Azure AD): https://login.microsoftonline.com/7e6ea6c7-a751-4b0d-bbb0-8cf17fe85dbb/
    Service provider realm The portal URL that specifies the service provider realm for the SAML 2.0 identity provider.
    Example: https://contoso-portal.powerappsportals.com/
    Assertion consumer service URL The portal URL that corresponds to the service provider's endpoint (URL). This URL is responsible for receiving and parsing a SAML assertion.
    Example: https://contoso-portal.powerappsportals.com/signin-saml_1
    Note: If you're using the default portal URL, you can copy and paste the Reply URL as shown in the Create and configure SAML 2.0 provider settings step. If you're using a custom domain name, enter the URL manually. Be sure that the value you enter here is exactly the same as the Redirect URI value for the application in the identity provider configuration (such as Azure portal).
  8. Select Next.

  9. (Optional) Configure additional settings.

    Additional settings.

    Name Description
    Validate audience If this is enabled, the audience will be validated during token validation.
    Valid audiences A comma-separated list of audience URLs.
    Contact mapping with email Specify whether the contacts are mapped to a corresponding email. When this is set to On, a unique contact record is associated with a matching email address, assigning the external identity provider to the contact after a successful user sign-in.
  10. Select Confirm.

To edit a SAML 2.0 provider

See Edit a provider.

See also

Configure a SAML 2.0 provider for portals with Azure AD
Configure a SAML 2.0 provider for portals with AD FS
FAQ for using SAML 2.0 in portals