We want to integrate B2C with SAP Cloud Platform. Therefore we need to set up a SAML IdP in B2C. Has anyone done this? There is a guide which I will follow if no one has done this: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-sf-app-custom
We are using Azure AD with SAML-based SSO to log in to our external web application. We would like to integrate several of our partner organizations that use Google Workspace to be able to log into our web application using the SSO from AD. Is this somehow possible? I tried this by adding Google IdP to the external identities, but the users' identities don't work during the login - they get a "We couldn't find an account with that username." error.
Any ideas on how to accomplish this? Thanks
Is it possible to use MSAL to allow a Windows service to access a web API protected by Azure AD B2C? If not, what is the best way to allow an autonomous service to access an API protected by B2C?
This scenario should be addressed with the Client Credentials OAuth flow.
This is possible in Azure AD B2C, however, the experience isn't ideal.
To achieve this, use the "App Registration" blade in the Azure Portal to register apps that define application permissions, and then register apps that use client credentials to request these. You would effectively be using the same mechanism that you use in regular Azure AD; see Azure AD's "Daemon or Server Application to Web API" documentation.
Important note: Make sure you are not using the Azure AD B2C blades for this.
You can support the ask for a first class experience by voting for this entry in the Azure AD B2C feedback forum: Support OAuth 2.0 Client Credential Flow
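Worked example of the mechanism the answer above describes, added here and not taken from the thread or from Microsoft's samples: the daemon side builds the client-credentials request against the tenant's regular Azure AD token endpoint (not a B2C user-flow endpoint), and the API side checks the claims of the resulting app-only token. The tenant name and ID, the API's App ID URI and client ID, the app role name, the daemon client ID and the sample claims are all assumptions made for the example.

```python
"""Client-credentials access to an API registered in an Azure AD B2C tenant.

Added example, not code from the original thread. All identifiers below are assumed:
tenant contoso.onmicrosoft.com, the API's App ID URI api://contoso-api, and an
application permission (app role) named Reports.Read.All.
"""
import json
import time
import urllib.parse
import urllib.request

TENANT = "contoso.onmicrosoft.com"                         # assumed tenant
TENANT_ID = "11111111-2222-3333-4444-555555555555"          # assumed tenant GUID
API_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"       # assumed API app registration
API_APP_ID_URI = "api://contoso-api"                         # assumed App ID URI of the API
REQUIRED_ROLE = "Reports.Read.All"                           # assumed application permission


def client_credentials_request(tenant, client_id, client_secret, resource_app_id_uri):
    """Build the v2.0 client-credentials token request; returns (endpoint, form body).

    Two details matter for B2C: the authority is the tenant's regular Azure AD endpoint
    (login.microsoftonline.com), not a b2clogin.com policy endpoint, because B2C user
    flows do not issue app-only tokens; and the scope is <App ID URI>/.default, which
    requests every application permission already granted to this client.
    """
    endpoint = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"{resource_app_id_uri}/.default",
    }
    return endpoint, urllib.parse.urlencode(form)


def request_token(tenant, client_id, client_secret, resource_app_id_uri):
    """Send the request (network call, not exercised offline); returns the access token."""
    endpoint, body = client_credentials_request(tenant, client_id, client_secret, resource_app_id_uri)
    req = urllib.request.Request(endpoint, data=body.encode("ascii"), method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]


def authorize_app_token(claims, *, tenant_id, api_client_id, api_app_id_uri, required_role,
                        allowed_callers=None, now=None):
    """Claim checks the API applies AFTER verifying the JWT signature against the tenant's
    JWKS (login.microsoftonline.com/<tenant>/discovery/v2.0/keys). Returns (ok, reason).

    An app-only token has no scp claim; the granted application permissions are in
    roles, so the API must authorize on roles (and optionally on the caller identity).
    """
    now = time.time() if now is None else now
    # v2.0 tokens carry the API's client ID in aud; v1.0-style tokens carry the App ID URI.
    if claims.get("aud") not in (api_client_id, api_app_id_uri):
        return False, "audience mismatch"
    if claims.get("iss") not in (f"https://login.microsoftonline.com/{tenant_id}/v2.0",
                                 f"https://sts.windows.net/{tenant_id}/"):
        return False, "issuer mismatch"
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        return False, "token not within validity window"
    if required_role not in claims.get("roles", []):
        return False, f"missing application permission {required_role}"
    caller = claims.get("azp") or claims.get("appid")   # azp in v2.0 tokens, appid in v1.0
    if allowed_callers is not None and caller not in allowed_callers:
        return False, "caller not on allow list"
    return True, "ok"


# Constructed sample payload: what a decoded, signature-verified app-only token might hold.
SAMPLE_CLAIMS = {
    "aud": API_CLIENT_ID,
    "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "nbf": 1_560_000_000,
    "exp": 1_560_003_600,
    "azp": "99999999-8888-7777-6666-555555555555",   # assumed daemon client ID
    "roles": [REQUIRED_ROLE],
}

if __name__ == "__main__":
    endpoint, body = client_credentials_request(TENANT, SAMPLE_CLAIMS["azp"], "<secret>", API_APP_ID_URI)
    print(endpoint, body)
    print(authorize_app_token(SAMPLE_CLAIMS, tenant_id=TENANT_ID, api_client_id=API_CLIENT_ID,
                              api_app_id_uri=API_APP_ID_URI, required_role=REQUIRED_ROLE,
                              now=1_560_000_100))
```

The same request can be issued with MSAL's confidential client (`ConfidentialClientApplication(...).acquire_token_for_client(scopes=[...])`) pointed at the same `login.microsoftonline.com/<tenant>` authority; the point of building it by hand here is to make the endpoint and the `/.default` scope visible, since using a B2C policy authority is the usual reason this flow fails.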
Our current application is authenticating users with a SAML IdP. We wish to retain their implementation of SAML and update the application’s configuration with Azure AD B2C, not switch to OAuth2 or OpenID Connect. Does Azure AD B2C currently support receiving authentication requests via SAML? I am unable to find this in the documentation.
Azure B2C does (and has for a while) provide SAML connectivity through custom policies in the Identity Experience Framework, currently in public preview - https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview-custom
Azure AD B2C does not support integrating with applications / relying parties via SAML yet.
You can support this ask and keep up to date on its progress by voting for it in the Azure AD B2C feedback forum: (Application) SAML Protocol support.
You can configure a SAML relying party application:
https://github.com/azure-ad-b2c/saml-sp
The full documentation can be found here:
https://github.com/azure-ad-b2c/saml-sp/blob/master/saml-rp-spec.md
NOTE: As of July 2019, SAML relying party support is available as a preview feature.
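Once B2C is the SAML IdP, the application in the question is the relying party, and the security of the integration rests on what it checks when the SAML Response arrives at its assertion consumer service. The block below is an added example of those checks; it is not code from the thread or from the azure-ad-b2c/saml-sp repository. The tenant name, policy name, issuer URI, SP entity ID, ACS URL and the sample response are assumptions constructed for the example; in particular the real issuer is whatever the policy's IssuerUri metadata item is set to. The sample carries no Signature elements: XML signature verification (with xmlsec or signxml, against the signing certificate published in the policy's SAML metadata) must pass before any of this runs, and these checks cover the rest.

```python
"""Relying-party checks on a SAML Response issued by an Azure AD B2C custom policy.

Added example, not code from the thread or the saml-sp repo. All names are assumed:
tenant contoso, policy B2C_1A_signup_signin_saml, SP entity ID https://app.contoso.com/saml,
ACS URL https://app.contoso.com/saml/acs. Run only after signature verification succeeded.
"""
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Assumed values; take the real issuer from the policy's IssuerUri metadata item.
EXPECTED_ISSUER = "https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1A_signup_signin_saml"
SP_ENTITY_ID = "https://app.contoso.com/saml"
ACS_URL = "https://app.contoso.com/saml/acs"


def _ts(value):
    """Parse a SAML UTC timestamp such as 2019-07-01T12:00:00Z into an aware datetime."""
    return dt.datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)


def validate_response(xml_text, *, expected_issuer, sp_entity_id, acs_url, request_id, now):
    """Return (name_id, attributes) for an acceptable response, else raise ValueError.

    request_id is the ID of the AuthnRequest this SP issued for the session; binding the
    response to it rejects assertions captured for another session (replay / unsolicited).
    now may be an aware datetime or a SAML timestamp string.
    """
    now = _ts(now) if isinstance(now, str) else now
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a samlp:Response")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("status is not Success")
    if root.get("Destination") != acs_url:
        raise ValueError("Destination is not this SP's ACS URL")
    if root.get("InResponseTo") != request_id:
        raise ValueError("InResponseTo does not match the outstanding request")

    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:   # a second assertion is a classic signature-wrapping tell: reject, never pick one
        raise ValueError("expected exactly one plaintext assertion")
    assertion = assertions[0]
    if assertion.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise ValueError("assertion issuer is not the expected B2C policy")

    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        raise ValueError("assertion has no Conditions")
    if not (_ts(conditions.get("NotBefore")) <= now < _ts(conditions.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError("assertion is not addressed to this SP")

    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        raise ValueError("bearer assertion has no SubjectConfirmationData")
    if scd.get("Recipient") != acs_url or scd.get("InResponseTo") != request_id:
        raise ValueError("SubjectConfirmationData does not match this SP and request")
    if now >= _ts(scd.get("NotOnOrAfter")):
        raise ValueError("subject confirmation expired")

    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attributes = {
        attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
        for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)
    }
    return name_id, attributes


# Constructed sample: the shape of a success response, minus the Signature elements.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_resp1" Version="2.0" IssueInstant="2019-07-01T12:00:00Z"
    InResponseTo="_req42" Destination="{ACS_URL}">
  <saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_assert1" Version="2.0" IssueInstant="2019-07-01T12:00:00Z">
    <saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>5f1d2c3b-0000-4000-8000-000000000001</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req42" Recipient="{ACS_URL}"
            NotOnOrAfter="2019-07-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2019-07-01T11:55:00Z" NotOnOrAfter="2019-07-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="displayName"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="emails"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(validate_response(SAMPLE_RESPONSE, expected_issuer=EXPECTED_ISSUER, sp_entity_id=SP_ENTITY_ID,
                            acs_url=ACS_URL, request_id="_req42", now="2019-07-01T12:00:30Z"))
```

Checking `InResponseTo` on both the Response and the `SubjectConfirmationData`, plus `Recipient` and `Destination`, is what stops an assertion issued for one SP session from being posted into another; the audience and issuer checks stop an assertion minted by a different B2C policy, or for a different relying party in the same tenant, from being accepted. Clock skew tolerance, if you need it, belongs in `now`, not in loosening the comparisons.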
We are developing an application in which we plan to use Okta as the ID provider. However, this application will be hosted in Azure and we would like to use Azure ACS for federation. However, of late we came to know that ACS is going to be integrated with Azure AD (http://blogs.technet.com/b/ad/archive/2015/02/12/the-future-of-azure-acs-is-azure-active-directory.aspx). I am a bit confused here.
I understand AD provides the directory services and will be used for authentication. In our case, this will be Okta. How can I use AD (as ACS is going to be integrated with AD) for this? I tried uploading WS-Federation metadata for a test application from Okta to Azure ACS (tried to create a new ID provider), however I couldn't succeed in doing that. Any help will be much appreciated.
I tried using Okta APIs, and it worked well. But, the ask is to use Azure to communicate with Okta.
You can set up Okta as the IdP to Azure since you plan to leverage Okta as the directory and as the IdP. The benefit here is that you can leverage other policies and features within Okta for authorization during login time (e.g. MFA).
https://msdn.microsoft.com/en-us/library/azure/dn641269.aspx - This page provides a pretty detailed description of how to set this up. So effectively, Azure is not "directly" communicating with Okta - but rather integrating with Okta, where Azure (and your app) is the SP and Okta is the IdP.
Can anyone suggest which is the best IdP that we can integrate with Azure AD for SAML SSO?
My goal is to use Azure AD credentials for all my business applications.
Thanks
In Azure AD, AAD is the IdP.
You are the RP.
Any SAML provider can be used e.g. ADFS, PingFederate, Shibboleth etc.
You want "Azure AD credentials for all my business application". Is your business application .NET, Java ... ? Does it have to use SAML? Could it use WS-Federation, OpenID Connect, OAuth ... ?
Is your business application one you wrote yourself or is it SaaS - many of these are already integrated with AAD.