SAML2 Configuration Examples
This topic provides examples of the information expected for a SAML2 provider, using Microsoft Azure and Okta. For parameter descriptions, refer to Authentication with SAML2.
Microsoft Azure
Provider Information
Parameter | Example |
---|---|
Discovery Endpoint | https://login.microsoftonline.com/c2c50f21-66a7-41b4-9e9b-d401358e19e6/federationmetadata/2007-06/federationmetadata.xml?appid=458ee5eb-e22d-4dd1-a4e5-5d473c79e133 |
Entity ID | https://yourserver/biwebclient |
Provider Entity ID | https://sts.windows.net/yourentityID/ |
Provider Login Endpoint | https://login.microsoftonline.com/yourentityID/saml2 |
Provider Logout Endpoint | https://login.microsoftonline.com/yourentityID/saml2 |
Saml2 ACS URL | Web Client: https://yourserver:82/Auth/CallbackSaml2; Excel Add-in: http://localhost:44390/excelAddin/loginCallback |
Logout URL | https://yourserver:82/Logout/LoggedOut |
Certificate | SAML2Certificate.cer |
User Identifier | nameidentifier |
Configuration in Web Client
The following image is an example of the General tab where the values retrieved from the Azure provider are set.
Mapping Users
The following image is an example of how to map the Web Client user to their Azure account in the Users tab.
Okta
Provider Information
Parameter | Example |
---|---|
Discovery Endpoint | https://login.microsoftonline.com/c2c50f21-66a7-41b4-9e9b-d401358e19e6/federationmetadata/2007-06/federationmetadata.xml?appid=458ee5eb-e22d-4dd1-a4e5-5d473c79e555 |
Entity ID | https://yourserver/biwebclient |
Provider Entity ID | http://www.okta.com/yourentityID |
Provider Login Endpoint | https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml |
Provider Logout Endpoint | https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml |
Saml2 ACS URL | Web Client: https://yourserver:82/Auth/CallbackSaml2; Excel Add-in: https://localhost:44390/excelAddin/loginCallback |
Logout URL | https://yourserver:82/Logout/LoggedOut |
Certificate | okta.cert |
User Identifier | nameidentifier |
Configuration in Web Client
The following image is an example of the General tab where the values retrieved from the Okta provider are set.
Mapping Users
The following image is an example of how to map the Web Client user to their Okta account in the Users tab.