Configure Microsoft enhanced client or proxy in a SaaS application

Configure Microsoft enhanced client or proxy (ECP) in EAA and view the ECP URL in the EAA metadata.

Before you begin

Learn more about SAML IdP with Microsoft enhanced client or proxy.

Complete this procedure to configure Microsoft enhanced client or proxy (ECP) in EAA and view the ECP URL in the EAA metadata.

How to

  1. Configure federation for the domain. Connect to Microsoft online services server and run a typical command to federate a session.
  2. Pass the Enhanced Client or Proxy (ECP) URL to the Active Log On URL. For example, https://<IDP-FQDN>/saml/idp/ecp. To do so, run a command in the Microsoft online services and to get the ECP URL for the Active Log on URL.
    Microsoft online services command window
    Microsoft online services command window with ActiveLogOnURL
  3. Log in to Enterprise Application Access Management Portal.
  4. From the top menu bar, click Applications.
  5. Locate the application you want to configure ECP for.
  6. Click the Settings (gear) icon > SAML settings > ECP settings.
  7. Select Enable ECP.
  8. For Microsoft Office 365 configurations, select Sign only assertions.
    Note: For Microsoft Office 365 configurations, do not select Sign assertions and response envelope. Microsoft Office 365 will only work with Sign only assertions.
    ECP settings
  9. Click Save and go to deployment.

    The application status changes to Ready for deployment. Click Click to deploy application.

  10. When finished, click Done.
  11. EAA adds the ECP URL to the metadata. To view the ECP URL in the metadata, return to the application card and click the Settings (gear) icon > SAML settings > Metadata > View.

Next steps

Deploy the application for the changes to go into effect.