Assign AD to the Azure identity provider

Before you begin

Add AD to ETP. For instructions, see Add a directory.

Complete this procedure to assign your Active Directory (AD) to your Microsoft Azure AD third-party SAML identity provider.

To review the overall setup process for adding Azure as a third-party SAML identity provider, see Set up Microsoft Azure as a third-party SAML identity provider.

How to

  1. In the navigation menu, select Identity > Identity Providers.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Identity & Users > Identity Providers.
  2. Click the name of the Azure identity provider.
  3. Click the Directories tab.
  4. Click the link icon and select the AD that you added.
  5. Click Associate.

Next steps

  1. Confirm that users are synchronized and appear in ETP, including the user you associated with the application in Azure AD.
  2. Deploy the identity provider:
    • If you are trying the new Enterprise Center interface, in the identity provider configuration, you can click the icon next to the Ready for Deployment status. A deployment icon also appears next to a failed deployment status in case you need to deploy the identity provider again. This action starts the deployment process.
    • Deploy identity provider configuration changes in the list of Pending Changes. For more information, see Deploy configuration changes.
  3. If this is the first Azure identity provider that you are creating, add the Azure identity provider domains to an exception list. See Add identity provider domains to an exception list.
  4. Associate the identity provider with a policy that’s enabled for authentication. For more information, see Require authentication to access a website.
  5. Test single sign-on (SSO). After you assign the identity provider to a policy for authentication, you can try to access a website that requires authentication with the test user account you created.