Configure a SAML 2.0 provider for portals with Azure AD

In this article, you'll learn about configuring a SAML 2.0 provider for portals with Azure Active Directory (Azure AD).

Note

  • Portals can be configured with identity providers that conform to the Security Assertion Markup Language (SAML) 2.0 standard. In this article, you'll learn about using Azure AD as an example of identity providers that use SAML 2.0. Changes to the authentication settings might take a few minutes to be reflected on the portal. Restart the portal by using portal actions if you want the changes to be reflected immediately.

To configure Azure AD as the SAML 2.0 provider

  1. Select Add provider for your portal.

  2. For Login provider, select Other.

  3. For Protocol, select SAML 2.0.

  4. Enter a provider name.

    Add SAML 2.0 provider

  5. Select Next.

  6. In this step, you create the application and configure the settings with your identity provider.

    Create SAML 2.0 application

    Note

    • The Reply URL is used by the app to redirect users to the portal after the authentication succeeds. If your portal uses a custom domain name, you might have a different URL than the one provided here.
    • More details about creating the app registration on the Azure portal are available in Quickstart: Register an application with the Microsoft identity platform.
    1. Sign in to the Azure portal.

    2. Search for and select Azure Active Directory.

    3. Under Manage, select App registrations.

    4. Select New registration.

      New app registration

    5. Enter a name.

    6. If necessary, select a different Supported account type. More information: Supported account types

    7. Under Redirect URI, select Web (if it isn't already selected).

    8. Enter the Reply URL for your portal in the Redirect URI text box.
      Example: https://contoso-portal.powerappsportals.com/signin-saml_1

      Note

      If you're using the default portal URL, copy and paste the Reply URL as shown in the Create and configure SAML 2.0 provider settings section on the Configure identity provider screen (step 6 above). If you're using a custom domain name for the portal, enter the custom URL. Be sure to use this value when you configure the Assertion consumer service URL in your portal settings while configuring the SAML 2.0 provider.
      For example, if you enter the Redirect URI in Azure portal as https://contoso-portal.powerappsportals.com/signin-saml_1, you must use it as-is for the SAML 2.0 configuration in portals.

      Register application

    9. Select Register.

    10. Select Expose an API.

    11. For Application ID URI, select Set.

      Application ID URI

    12. Enter the portal URL as the App ID URI.

      Portal URL as the application ID URI

      Note

      The portal URL might be different if you're using a custom domain name.

    13. Select Save.

      Saved application ID URI

    14. Keep the Azure portal open, and switch to the SAML 2.0 configuration for Power Apps portals for the next steps.

  7. In this step, enter the site settings for the portal configuration.

    Configure SAML 2.0 site settings

    Tip

    If you closed the browser window after configuring the app registration in the earlier step, sign in to the Azure portal again and go to the app that you registered.

    1. Metadata address: To configure the metadata address, do the following:

      1. Select Overview in the Azure portal.

      2. Select Endpoints.

      Endpoints

      1. Copy the URL for Federation metadata document.

        Federation metadata document

      2. Paste the copied document URL as the Metadata address for portals.

    2. Authentication type: To configure the authentication type, do the following::

      1. Copy and paste the Metadata address configured earlier in a new browser window.

      2. Copy the value of the entityID tag from the URL document.

        Federation metadata entityID

      3. Paste the copied value of entityID as the Authentication type.
        Example: https://sts.windows.net/7e6ea6c7-a751-4b0d-bbb0-8cf17fe85dbb/

    3. Service provider realm: Enter the portal URL as the service provider realm.
      Example: https://contoso-portal.powerappsportals.com

      Note

      The portal URL might be different if you're using a custom domain name.

    4. Assertion consumer service URL: Enter the Reply URL for your portal in the Assertion consumer service URL text box.
      Example: https://contoso-portal.powerappsportals.com/signin-saml_1

      Assertion consumer service URL

      Note

      If you're using the default portal URL, you can copy and paste the Reply URL as shown in the Create and configure SAML 2.0 provider settings step. If you're using a custom domain name, enter the URL manually. Be sure that the value you enter here is exactly the same as the value you entered as the Redirect URI in the Azure portal earlier.

  8. Select Confirm.

    Confirm configuration

  9. Select Close.

See also

Configure a SAML 2.0 provider for portals with AD FS
FAQ for using SAML 2.0 in portals
Configure a SAML 2.0 provider for portals