Configure a single sign-on (SSO) app in Entra ID

Create a Microsoft Entra ID app to enable single sign-on (SSO) for users accessing a protected network.

This task discusses how to create an app in Microsoft Entra ID to handle single sign-on (SSO) from Entra ID when a network user attempts to access a protected network.

Procedure

Step 1

In the Microsoft Entra ID portal, click Enterprise Applications on the home page and follow the instructions in Configure Microsoft Entra SSO on learn.microsoft.com.

The following figure shows part of the SSO app configuration. You must provide some of the information displayed on this page when you configure the Microsoft Azure AD (SAML) realm. For more information, see Get required information for your Microsoft Azure AD realm (active authentication only).

In the Microsoft Entra ID portal, the Set up Single Sign-On with SAML page shows most of the values you need to configure the realm

Step 2

(Optional.) If you have already configured the Microsoft Azure AD (SAML) realm, click Upload metadata file at the top of the page to quickly provide configuration values for the SSO app.

The following figure shows an example.

Uploading the service provider metadata is a simple method to configure the realm.

Step 3

Add users and groups to your app as discussed in Add a user account to an enterprise application on learn.microsoft.com

What to do next

See Get required information for your Microsoft Azure AD realm (active authentication only).