articles/active-directory/manage-apps/plan-sso-deployment.md
Lines changed: 7 additions & 7 deletions
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ ms.service: active-directory
8
8
ms.subservice: app-mgmt
9
9
ms.topic: conceptual
10
10
ms.workload: identity
11
-
ms.date: 12/07/2022
11
+
ms.date: 03/20/2023
12
12
ms.author: jomondi
13
13
ms.reviewer: alamaral
14
14
ms.collection: M365-identity-device-management
@@ -21,10 +21,10 @@ ms.custom: has-adal-ref
21
21
This article provides information that you can use to plan your [single sign-on (SSO)](what-is-single-sign-on.md) deployment in Azure Active Directory (Azure AD). When you plan your SSO deployment with your applications in Azure AD, you need to consider the following questions:
22
22
23
23
- What are the administrative roles required for managing the application?
24
-
- Does the certificate need to be renewed?
24
+
- Does the Security Assertion Markup Language (SAML) application certificate need to be renewed?
25
25
- Who needs to be notified of changes related to the implementation of SSO?
26
26
- What licenses are needed to ensure effective management of the application?
27
-
- Are shared user accounts used to access the application?
27
+
- Are shared and guest user accounts used to access the application?
28
28
- Do I understand the options for SSO deployment?
29
29
30
30
## Administrative Roles
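Review bot: The reworded bullet "Are shared and guest user accounts used to access the application?" folds two different account types into one question. Shared accounts and guest accounts raise different planning concerns, so consider splitting this into two bullets, one per account type. The SAML expansion in the certificate bullet is fine as written.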
@@ -33,17 +33,17 @@ Always use the role with the fewest permissions available to accomplish the requ
33
33
34
34
| Persona | Roles | Azure AD role (if necessary) |
35
35
| ------- | ----- | --------------------------- |
36
-
| Help desk admin | Tier 1 support | None |
37
-
| Identity admin | Configure and debug when issues involve Azure AD |Global Administrator |
36
+
| Help desk admin | Tier 1 support view the sign-in logs to resolve issues. | None |
37
+
| Identity admin | Configure and debug when issues involve Azure AD |Cloud Application Administrator |
38
38
| Application admin | User attestation in application, configuration on users with permissions | None |
| Business owner/stakeholder | User attestation in application, configuration on users with permissions | None |
41
41
42
42
To learn more about Azure AD administrative roles, see [Azure AD built-in roles](../users-groups-roles/directory-assign-admin-roles.md).
43
43
44
44
## Certificates
45
45
46
-
When you enable federated SSO for your application, Azure AD creates a certificate that is by default valid for three years. You can customize the expiration date for that certificate if needed. Ensure that you have processes in place to renew certificates prior to their expiration.
46
+
When you enable federation on SAML application, Azure AD creates a certificate that is by default valid for three years. You can customize the expiration date for that certificate if needed. Ensure that you have processes in place to renew certificates prior to their expiration.
47
47
48
48
You change that certificate duration in the Azure portal. Make sure to document the expiration and know how you'll manage your certificate renewal. It’s important to identify the right roles and email distribution lists involved with managing the lifecycle of the signing certificate. The following roles are recommended:
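Review bot: In the Help desk admin row, the new text says this persona views the sign-in logs, but the Azure AD role column still reads "None". Reading sign-in logs requires a directory role, so either name the least-privileged reader role that fits (for example Reports Reader) or drop the sign-in log wording. The same cell needs punctuation or a conjunction between "Tier 1 support" and "view the sign-in logs". In the Certificates paragraph, "enable federation on SAML application" is missing an article ("on a SAML application"). The change from Global Administrator to Cloud Application Administrator for the Identity admin row is consistent with the fewest-permissions guidance quoted in the hunk header.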