You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/authenticate/enterprise-connections/entra-id-saml.mdx
+8-9Lines changed: 8 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -45,9 +45,8 @@ You can make a connection available only to a specific organization, or you can
45
45
46
46
1. Go to **Settings > Environment > Authentication**.
47
47
2. Scroll to the **Enterprise connection** section and select **Add connection**. The **Add connection** window opens.
48
-
3. Select the Microsoft connection type you want and then select **Save**. Currently we support WS Federated and OpenID types.
49
-
4. On the tile for the new connection, select **Configure**.
50
-
5. Next: 'Step 2: Configure the connection'.
48
+
3. Select the Microsoft connection type you want and then select **Next**. Currently we support WS Federated, SAML, and OpenID types.
49
+
4. Next: 'Step 2: Configure the connection'.
51
50
52
51
## Step 2: Configure the connection in Kinde
53
52
@@ -60,17 +59,17 @@ You can make a connection available only to a specific organization, or you can
60
59
</Aside>
61
60
62
61
2. For the **Entity ID**, enter a random string like `hEb876ZZlkg99Dwat64Mnbvyh129`. Make a copy of the string as you will add this to your SAML application later.
63
-
3. Scroll past the IdP metadata URL and other key attribute fields. We will ad dthis information later.
62
+
3. Scroll past the IdP metadata URL and other key attribute fields. We will add this information later.
64
63
4. Enter **Home realm domains**. This speeds up the sign in process for users of those domains.
65
64
Note that all home realm domains must be unique across all connections in an environment. For more information about how, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/).
5. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
70
69
6. Copy the ACS URL, you will need this for the SAML provider app.
71
-
6. If you want to enable just-in-time (JIT) provisioning, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
72
-
7. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security.
73
-
14. Select **Save**.
70
+
7. If you want to enable just-in-time (JIT) provisioning, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
71
+
8. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security.
72
+
9. Select **Save**.
74
73
75
74
## Step 3: Create and configure an Entra ID enterprise application
76
75
@@ -104,13 +103,13 @@ Make sure you test the connection before enabling in production for your users.
104
103
- First name attribute (Given name)
105
104
- Last name attribute (Surname)
106
105
3. Open the **Federation Metadata XML** file in a text editor and copy the contents of the file.
107
-
4. Paste them into the **Signing certifiacte** field in the Kinde connection.
106
+
4. Paste them into the **Signing certificate** field in the Kinde connection.
108
107
2. Switch on the connection. This will make it instantly available to users if this is your production environment.
109
108
1. For environment-level connections, scroll down and select the apps that will use the auth method.
110
109
2. For organization-level connections, scroll down and select if you want to switch this on for the org.
111
110
3. Select **Save**.
112
111
113
-
## Step 4: Test the connection
112
+
## Step 5: Test the connection
114
113
115
114
1. Go to your test application and attempt to sign in.
116
115
2. If you left the **Home realm domains** field blank in Kinde, when you launch your application, you should see a button to sign in. Click it and go to step 4.
0 commit comments