-
Log in to Azure and go to Enterprise applications.
-
Click on New application.
-
Click on Create your own application, and then in the tab that opens on the right, add a name for your application and click Create.
-
Click on Single sign-on on the left side bar and then select SAML.
-
In Basic SAML Configuration, click Edit and add the following information for each account:
-
Entity ID: P2jjoZjJrdr3NlCSRZjKMVOd8wn7-<account>
-
Reply URL: https://api.descope.com/v1/auth/saml/acs?projectId=P2jjoZjJrdr3NlCSRZjKMVOd8wn7&tenantId=<account>
-
-
In Attributes & Claims, click Edit and do the following:
-
Delete all of the additional claims (use the three-dots button for each).
-
Click Add new claim and add each of the following claims one at a time (click Save after adding each):
-
-
In Users and groups on the left, add all of your chosen groups.
-
Send us the following information (from the Single Sign-On page):
-
Login URL
-
Microsoft Entra Identifier
-
Certificate (Base64)
-
-
Alternatively, you can provide the Federation XML, as illustrated below. An SSO implementation based on federation protocols improves security, reliability, and end-user experience, and is easier to implement. Choose SAML Single Sign-On whenever possible for existing applications that do not use OpenID Connect or OAuth.
