src/content/docs/authenticate/enterprise-connections/entra-id-saml.mdx
7 additions & 6 deletions
@@ -60,17 +60,18 @@ You can make a connection available only to a specific organization, or you can
60
60
</Aside>
61
61
62
62
2. For the **Entity ID**, enter a random string like `hEb876ZZlkg99Dwat64Mnbvyh129`. Make a copy of the string as you will add this to your SAML application later.
63
-
3. Scroll past the IdP metadata URL and other key attribute fields. We will ad dthis information later.
63
+
3. Scroll past the IdP metadata URL and other key attribute fields. We will add this information later.
64
64
4. Enter **Home realm domains**. This speeds up the sign in process for users of those domains.
65
65
Note that all home realm domains must be unique across all connections in an environment. For more information about how, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/).
5. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
70
70
6. Copy the ACS URL, you will need this for the SAML provider app.
71
-
6. If you want to enable just-in-time (JIT) provisioning, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
72
-
7. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security.
73
-
14. Select **Save**.
71
+
7. Select if you want to **enable single sign out**. This will sign the user out of their Microoft Entra ID SAML account and end all sessions when they sign out.
72
+
8. If you want to enable just-in-time (JIT) provisioning, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
73
+
9. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security.
74
+
10. Select **Save**.
74
75
75
76
## Step 3: Create and configure an Entra ID enterprise application
76
77
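Review bot: The added step 7 misspells the product name in "sign the user out of their Microoft Entra ID SAML account"; it should read "Microsoft". The same sentence says sign-out will "end all sessions" without saying which sessions are meant, so consider stating whether that covers the user's Kinde sessions, their Entra ID sessions, or both, since an admin deciding whether to enable single sign out will rely on this wording.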
@@ -104,13 +105,13 @@ Make sure you test the connection before enabling in production for your users.
104
105
- First name attribute (Given name)
105
106
- Last name attribute (Surname)
106
107
3. Open the **Federation Metadata XML** file in a text editor and copy the contents of the file.
107
-
4. Paste them into the **Signing certifiacte** field in the Kinde connection.
108
+
4. Paste them into the **Signing certificate** field in the Kinde connection.
108
109
2. Switch on the connection. This will make it instantly available to users if this is your production environment.
109
110
1. For environment-level connections, scroll down and select the apps that will use the auth method.
110
111
2. For organization-level connections, scroll down and select if you want to switch this on for the org.
111
112
3. Select **Save**.
112
113
113
-
## Step 4: Test the connection
114
+
## Step 5: Test the connection
114
115
115
116
1. Go to your test application and attempt to sign in.
116
117
2. If you left the **Home realm domains** field blank in Kinde, when you launch your application, you should see a button to sign in. Click it and go to step 4.
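Review bot: The heading rename from "## Step 4: Test the connection" to "## Step 5: Test the connection" leaves no Step 4 heading visible in this diff; the only earlier heading shown is "## Step 3: Create and configure an Entra ID enterprise application". Please confirm that a Step 4 heading exists in the unchanged part of the file so the sequence is not 3 then 5, and check any links that target the old heading anchor, since renaming the heading may change it. The unchanged context line "Click it and go to step 4." is a step reference that is also worth re-reading to make sure it still points where intended.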