Add Microsoft Azure AD as a third-party SAML identity provider

Before you begin

Confirm that you completed the required setup in the Azure portal. See Set up Microsoft Azure as a third-party SAML identity provider.

Complete this procedure to add Microsoft Azure AD as a third-party SAML identity provider.

How to

  1. In the navigation menu, select Identity > Identity Providers.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Identity & Users > Identity Providers.
  2. Configure basic identity provider settings:
    1. In the Name and Description fields, enter a name and description for the IdP.
    2. In the Provider Type menu, select Third-Party SAML.
    3. Click Continue.
  3. In the General settings section:
    1. For Identity Intercept, select Use Akamai domain and enter a hostname. The identity intercept is the URL for the authentication page that’s presented to users. The hostname you provide here is the one you entered in the Set up single sign-on for Enterprise Application Access application procedure.
    2. For Akamai Cloud Zone, select the cloud zone that is closest to your user base.
  4. In the Session section, use the default settings for the Session Idle Expiry, Limit Session Life, and Max Session Duration fields.
  5. In the Authentication section, complete these steps:
    1. In the URL field, enter the URL that you provided for the Identity Intercept.
    2. Select Sign SAML request.
    3. Select Encrypted SAML response.
    4. For the IdP metadata file, click Choose File.
    5. Browse to the metadata file and click Open.
  6. In the Advanced Settings, select Enable authorization.
  7. Click Save.

Next steps

  1. Create and download an identity connector
  2. Add AD to ETP. As part of this procedure, make sure you assign an identity connector to the directory. For instructions, see Add a directory.
  3. Assign AD to the Azure identity provider