Assign AD to the Azure identity provider

Before you begin

Add AD to ETP. For instructions, see Add a directory.

Complete this procedure to assign your Active Directory (AD) to your Microsoft Azure AD third-party SAML identity provider.

To review the overall setup process for adding Azure as a third-party SAML identity provider, see Set up Microsoft Azure as a third-party SAML identity provider.

How to

  1. In the navigation menu, select Identity > Identity Providers.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Identity & Users > Identity Providers.
  2. Click the name of the Azure identity provider.
  3. Click the Directories tab.
  4. Click the link icon and select the AD that you added.
  5. Click Associate.

Next steps

  1. Confirm that users are synchronized and appear in ETP, including the user you associated with the application in Azure AD.
  2. Deploy the identity provider. For instructions, see Deploy configuration changes.
  3. If this is the first Azure identity provider that you are creating, add the Azure identity provider domains to an exception list. See Add identity provider domains to an exception list.
  4. Associate the identity provider with a policy that’s enabled for authentication. For more information, see Require authentication to access websites in an AUP category.
  5. Test single sign-on (SSO). After you assign the identity provider to a policy for authentication, use the test user account you created to access a website that requires authentication.