You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/authenticate/enterprise-connections/entra-id-saml.mdx
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -72,21 +72,21 @@ You can make a connection available only to a specific organization, or you can
72
72
6. Select a **Name ID** format. This helps identify and link user identities between your IdP and Kinde.
73
73
7. Enter an **Email key attribute**. This is the attribute in the SAML token that contains the user’s email. Setting this value ensures that the email address returned in the SAML response is correctly retrieved. We do not recommend leaving this field blank, but if you do we will set ‘email’ as the attribute.
74
74
8. (Optional) Add a first name and last name attribute.
75
-
7. Enter **Home realm domains**. This speeds up the sign in process for users of those domains. Note that all home realm domains must be unique across all connections in an environment. For more information, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/).
75
+
9. Enter **Home realm domains**. This speeds up the sign in process for users of those domains. Note that all home realm domains must be unique across all connections in an environment. For more information, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/).
9. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
80
-
10. Copy the reply relevant URL:
79
+
10. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
80
+
11. Copy the reply relevant URL:
81
81
1. If you don't use a custom domain, copy the **Assertion customer service (ACS) URL**.
82
82
2. If you do use a custom domain, select the **Use custom domain instead** option and copy the custom domain URL.
83
83
Later, add this URL to your identity provider configuration.
84
84
85
85
86
86
87
-
11. If you want to enable just-in-time (JIT) provisioning, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
87
+
12. If you want to enable just-in-time (JIT) provisioning, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
88
88
13. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security.
89
-
13. Select **Save**.
89
+
14. Select **Save**.
90
90
91
91
## Step 3: Create and configure an Entra ID enterprise application
0 commit comments