SAML Protocol Reference

 

Azure Active Directory uses the SAML 2.0 protocol to enable applications to provide a single sign-on experience to their users. This document describes the behavior of the Single Sign-On and Single Sign-Out SAML profiles of Azure Active Directory. These SAML profiles explain how SAML assertions, protocols, and bindings are used in the identity provider service.

This section includes the following topics:

  • SAML Protocol Metadata and Endpoints - Learn how to find and interpret the metadata documents that Azure Active Directory and applications provide to each other to enable federation. The metadata includes tenant-specific and tenant-independent metadata endpoints for single sign-on and single sign-out.

  • Single Sign-on (SAML Protocol) - Learn about the SAML 2.0 AuthnRequest and Response elements that Azure Active Directory uses to enable single sign-on.

  • Single Sign-out (SAML Protocol) - Learn about the SAML 2.0 LogoutRequest and LogoutResponse elements that Azure Active Directory uses to enable single sign-out.

See Also

Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0 (PDF)
Active Directory Authentication Protocols