What should be the sign on url azure active directory?
Answers
Answered by
1
Configure Azure Active Directory using express settings
In the Azure portal, navigate to your App Service app. In the left navigation, select Authentication / Authorization.
If Authentication / Authorization is not enabled, select On.
Select Azure Active Directory, and then select Express under Management Mode.
Select OK to register the App Service app in Azure Active Directory. This creates a new app registration. If you want to choose an existing app registration instead, click Select an existing app and then search for the name of a previously created app registration within your tenant. Click the app registration to select it and click OK. Then click OK on the Azure Active Directory settings page. By default, App Service provides authentication but does not restrict authorized access to your site content and APIs. You must authorize users in your app code.
(Optional) To restrict access to your site to only users authenticated by Azure Active Directory, set Action to take when request is not authenticated to Log in with Azure Active Directory. This requires that all requests be authenticated, and all unauthenticated requests are redirected to Azure Active Directory for authentication.
Click Save.
You are now ready to use Azure Active Directory for authentication in your App Service app.
(Alternative method) Manually configure Azure Active Directory with advanced settings
You can also choose to provide configuration settings manually. This is the preferred solution if the AAD tenant you wish to use is different from the tenant with which you sign into Azure. To complete the configuration, you must first create a registration in Azure Active Directory, and then you must provide some of the registration details to App Service.
Register your App Service app with Azure Active Directory
Log on to the Azure portal, and navigate to your App Service app. Copy your app URL. You will use this to configure your Azure Active Directory app registration.
Navigate to Active Directory, then select the App registrations, then click New application registration at the top to start a new app registration.
In the Create page, enter a Name for your app registration, select the Web App / API type, in the Sign-on URL box paste the application URL (from step 1). Then click to Create.
In a few seconds, you should see the new app registration you just created.
Once the app registration has been added, click on the app registration name, click on Settings at the top, then click on Properties
In the App ID URI box, paste in the Application URL (from step 1), also in the Home Page URL paste in the Application URL (from step 1) as well, then click Save
Now click on the Reply URLs, edit the Reply URL, paste in the Application URL (from step 1), modify the protocol to make sure you have https:// protocol (not http://), then appended to the end of the URL, /.auth/login/aad/callback (For example, https://contoso.azurewebsites.net/.auth/login/aad/callback). Click Save.
At this point, copy the Application ID for the app. Keep it for later use. You will need it to configure your App Service app.
Close the Registered app page. On the App registrations page, click on the Endpoints button at the top, then copy the Federation Metadata Document URL.
Open a new browser window and navigate to the URL by pasting and browsing to the XML page. At the top of document is an EntityDescriptor element, there should be an entityID attribute of the form https://sts.windows.net/ followed by a GUID specific to your tenant (called a "tenant ID"). Copy this value - it serves as your Issuer URL. You will configure your application to use it later.
Add Azure Active Directory information to your App Service app
Back in the Azure portal, navigate to your App Service app. Click Authentication/Authorization. If the Authentication/Authorization feature is not enabled, turn the switch to On. Click on Azure Active Directory, under Authentication Providers, to configure your app. (Optional) By default, App Service provides authentication but does not restrict authorized access to your site content and APIs. You must authorize users in your app code. Set Action to take when request is not authenticated to Log in with Azure Active Directory. This option requires that all requests be authenticated, and all unauthenticated requests are redirected to Azure Active Directory for authentication.
In the Active Directory Authentication configuration, click Advanced under Management Mode. Paste the Application ID into the Client ID box (from step 8) and paste in the entityId (from step 10) into the Issuer URL value. Then click OK.
On the Active Directory Authentication configuration page, click Save.
You are now ready to use Azure Active Directory for authentication in your App Service app.
In the Azure portal, navigate to your App Service app. In the left navigation, select Authentication / Authorization.
If Authentication / Authorization is not enabled, select On.
Select Azure Active Directory, and then select Express under Management Mode.
Select OK to register the App Service app in Azure Active Directory. This creates a new app registration. If you want to choose an existing app registration instead, click Select an existing app and then search for the name of a previously created app registration within your tenant. Click the app registration to select it and click OK. Then click OK on the Azure Active Directory settings page. By default, App Service provides authentication but does not restrict authorized access to your site content and APIs. You must authorize users in your app code.
(Optional) To restrict access to your site to only users authenticated by Azure Active Directory, set Action to take when request is not authenticated to Log in with Azure Active Directory. This requires that all requests be authenticated, and all unauthenticated requests are redirected to Azure Active Directory for authentication.
Click Save.
You are now ready to use Azure Active Directory for authentication in your App Service app.
(Alternative method) Manually configure Azure Active Directory with advanced settings
You can also choose to provide configuration settings manually. This is the preferred solution if the AAD tenant you wish to use is different from the tenant with which you sign into Azure. To complete the configuration, you must first create a registration in Azure Active Directory, and then you must provide some of the registration details to App Service.
Register your App Service app with Azure Active Directory
Log on to the Azure portal, and navigate to your App Service app. Copy your app URL. You will use this to configure your Azure Active Directory app registration.
Navigate to Active Directory, then select the App registrations, then click New application registration at the top to start a new app registration.
In the Create page, enter a Name for your app registration, select the Web App / API type, in the Sign-on URL box paste the application URL (from step 1). Then click to Create.
In a few seconds, you should see the new app registration you just created.
Once the app registration has been added, click on the app registration name, click on Settings at the top, then click on Properties
In the App ID URI box, paste in the Application URL (from step 1), also in the Home Page URL paste in the Application URL (from step 1) as well, then click Save
Now click on the Reply URLs, edit the Reply URL, paste in the Application URL (from step 1), modify the protocol to make sure you have https:// protocol (not http://), then appended to the end of the URL, /.auth/login/aad/callback (For example, https://contoso.azurewebsites.net/.auth/login/aad/callback). Click Save.
At this point, copy the Application ID for the app. Keep it for later use. You will need it to configure your App Service app.
Close the Registered app page. On the App registrations page, click on the Endpoints button at the top, then copy the Federation Metadata Document URL.
Open a new browser window and navigate to the URL by pasting and browsing to the XML page. At the top of document is an EntityDescriptor element, there should be an entityID attribute of the form https://sts.windows.net/ followed by a GUID specific to your tenant (called a "tenant ID"). Copy this value - it serves as your Issuer URL. You will configure your application to use it later.
Add Azure Active Directory information to your App Service app
Back in the Azure portal, navigate to your App Service app. Click Authentication/Authorization. If the Authentication/Authorization feature is not enabled, turn the switch to On. Click on Azure Active Directory, under Authentication Providers, to configure your app. (Optional) By default, App Service provides authentication but does not restrict authorized access to your site content and APIs. You must authorize users in your app code. Set Action to take when request is not authenticated to Log in with Azure Active Directory. This option requires that all requests be authenticated, and all unauthenticated requests are redirected to Azure Active Directory for authentication.
In the Active Directory Authentication configuration, click Advanced under Management Mode. Paste the Application ID into the Client ID box (from step 8) and paste in the entityId (from step 10) into the Issuer URL value. Then click OK.
On the Active Directory Authentication configuration page, click Save.
You are now ready to use Azure Active Directory for authentication in your App Service app.
Similar questions