You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/authenticate/enterprise-connections/entra-id-saml.mdx
+7-6Lines changed: 7 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -62,16 +62,17 @@ You can make a connection available only to a specific organization, or you can
62
62
3. Scroll past the IdP metadata URL and other key attribute fields. We will add this information later.
63
63
4. Enter an **Email key attribute**. This is the attribute in the SAML token that contains the user’s email. Setting this value ensures that the email address returned in the SAML response is correctly retrieved. We do not recommend leaving this field blank, but if you do we will set ‘email’ as the attribute.
64
64
5. (Optional) Add a first name and last name attribute.
65
-
6. Enter **Home realm domains**. This speeds up the sign in process for users of those domains.
65
+
6. Enter a **sign in URL** if your IdP requires a specific URL.
66
+
7. Enter **Home realm domains**. This speeds up the sign in process for users of those domains.
66
67
Note that all home realm domains must be unique across all connections in an environment. For more information about how, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/).
7. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
71
-
8. Copy the ACS URL, you will need this for the SAML provider app.
72
-
7. If you want to enable just-in-time (JIT) provisioning, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
73
-
9. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security.
74
-
10. Select **Save**.
71
+
8. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
72
+
9. Copy the ACS URL, you will need this for the SAML provider app.
73
+
10. If you want to enable just-in-time (JIT) provisioning, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
74
+
11. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security.
75
+
12. Select **Save**.
75
76
76
77
## Step 3: Create and configure an Entra ID enterprise application
0 commit comments