Microsoft Azure AD (SAML) realm: SAML service provider (SP) metadata

Configure the SAML service provider metadata to enable secure authentication between your Secure Firewall Threat Defense and Microsoft Entra ID.

This task discusses one page in a multi-page wizard to enable you to create a Microsoft Azure AD (SAML) realm.

Before you begin

Complete the tasks discussed in Microsoft Azure AD (SAML) realm: SAML details

Follow these steps to configure the SAML service provider metadata:

Procedure

Step 1

Continue from Microsoft Azure AD (SAML) realm: SAML details.

Step 2

Enter the following information.

Item

Description

Base URL

From the list, click the network object you previously created. Network users are directed to this URL when they try to access protected network resources.

You can also click Add (add icon) to create an object now.

Entity ID

Your SSO app's entity ID.

Assertion Consumer Services (ACS) URL

Automatically generated from the preceding values.

Service Provider Certificate

From the list, click the certificate to use to decrypt requests to the Secure Firewall Threat Defense.

You can also click Add (add icon) to create an object now.

Download Service Provider Metadata

(Optional.) Download the metadata associated with the service provider (that is, managed device) to simplify configuring your Microsoft Entra ID SSO app.

Step 3

Click Next.

What to do next

Microsoft Azure AD (SAML) Realm: SAML identity provider (IdP) metadata.