Configure a Single Sign-On (SSO) App in Azure AD

This topic discusses how to create an app in Microsoft Azure AD to handle single sign-on (SSO) from Azure AD when a network user attempts to access a protected network.

Create the app

In the Microsoft Azure AD portal, click Enterprise Applications on the home page and follow the instructions in Configure Microsoft Entra SSO on learn.microsoft.com.

The following figure shows part of the SSO app configuration. You must provide some of the information on this page when you configure the Microsoft Azure AD (SAML) realm. For more information, see Get Required Information For Your Microsoft Azure AD Realm (Active Authentication Only).

In the Microsoft Azure AD portal, the Set up Single Sign-On with SAML page shows most of the values you need to configure the realm

(Optional.) Upload the service provider metadata

If you already configured the Microsoft Azure AD (SAML) realm, click Upload metadata file at the top of the page to quickly provide configuration values for the SSO app.

The following figure shows an example.

Uploading the service provider metadata is a simple way to configure the realm

Add users and groups to the SSO app

Add users and groups to your app as discussed in Add a user account to an enterprise application on learn.microsoft.com

What to do next

See Get Required Information For Your Microsoft Azure AD Realm (Active Authentication Only).