You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/authenticate/enterprise-connections/entra-id-saml.mdx
+7-5Lines changed: 7 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -60,16 +60,18 @@ You can make a connection available only to a specific organization, or you can
60
60
61
61
2. For the **Entity ID**, enter a random string like `hEb876ZZlkg99Dwat64Mnbvyh129`. Make a copy of the string as you will add this to your SAML application later. Note that some older Entra ID tenants require the Entity ID to have a prefix of `spn:` If your connection fails, this could be why.
62
62
3. Scroll past the IdP metadata URL and other key attribute fields. We will add this information later.
63
-
4. Enter **Home realm domains**. This speeds up the sign in process for users of those domains.
63
+
4. Enter an **Email key attribute**. This is the attribute in the SAML token that contains the user’s email. Setting this value ensures that the email address returned in the SAML response is correctly retrieved. We do not recommend leaving this field blank, but if you do we will set ‘email’ as the attribute.
64
+
5. (Optional) Add a first name and last name attribute.
65
+
6. Enter **Home realm domains**. This speeds up the sign in process for users of those domains.
64
66
Note that all home realm domains must be unique across all connections in an environment. For more information about how, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/).
5. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
69
-
6. Copy the ACS URL, you will need this for the SAML provider app.
70
+
7. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option.
71
+
8. Copy the ACS URL, you will need this for the SAML provider app.
70
72
7. If you want to enable just-in-time (JIT) provisioning, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later.
71
-
8. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security.
72
-
9. Select **Save**.
73
+
9. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security.
74
+
10. Select **Save**.
73
75
74
76
## Step 3: Create and configure an Entra ID enterprise application
0 commit comments