This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 85%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
This authentication method is necessary to allow Italian citizens to authenticate themselves with the credentials issued by the Italian government https://www.spid.gov.it/en/.
The application is for students of the University of Brescia
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Thank you for posting this in Microsoft Q&A.
To better understand the issue, could you please provide more details? Are you asking how to use SPID authentication for Microsoft 365 specifically, or how to use SPID authentication in general for your application intended for students at the University of Brescia?
Thanks,
Navya.
For Microsoft 365 specifically and for all the users of the tenant
For Microsoft 365 specifically and for all the users of the tenant
Hi @Andrea Angelo Marinoni I’m working on your request regarding SPID authentication for your application. To clarify, for SPID to integrate with Microsoft 365. Could you please confirm if SPID will be acting as a SAML identity provider for your application, or if there are any other specific details we should consider for the integration?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 31%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
Hi @Navya
I confirm that SPID is based on the SAMLv2 protocol. (https://developers.italia.it/it/spid/)
Our environment is in managed mode and we would like to add the SPID authentication button to allow users to log in with this mode as well.
Thanks,
Davide
Hi @Andrea Angelo Marinoni and DavideRicciardulliPersonale-7671
To better understand your requirements, could we continue this discussion offline? Please send an email to azcommunity@microsoft.com with the subject line "ATTN: Navya" and include the following details in the body of the email: a link to this thread/post. We can then connect offline and discuss further.
Hi @Andrea Angelo Marinoni and DavideRicciardulliPersonale-7671
We haven't received a response from you regarding our previous message. Can you please send an email to azcommunity@microsoft.com with the subject line "ATTN: Navya". We would be happy to discuss this issue further with you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Hello @Andrea Angelo Marinoni,
Thank you for posting your query on Microsoft Q&A.
Based on your description, I understand that you want to enable your users to log in to your tenant using SPID as an Identity Provider. As you confirmed, SPID uses SAML v2.0 as its authentication protocol.
To federate your Microsoft 365 users' identities with SPID, you need to establish communication between SPID, your SAML 2.0 identity provider, and Microsoft Entra ID. Typically, the relying party ID should be set to match the entityID from the Microsoft Entra metadata. To enable SPID as an Identity Provider (IdP), you must add or configure a domain to establish trust between the SAML 2.0 IdP and Microsoft Entra ID.
I recommend reviewing the following documents, which outline the steps to configure a SAML 2.0 IdP for Single Sign-On (SSO) with Microsoft 365 users:
If you are looking to set this up for external identities, you can refer to this document. Note that specific attributes and claims must be configured at the IdP to support federation:
To complete this setup, we can connect offline to explore the best approach and possibilities for federating identities with the SPID provider. I will coordinate with Navya to schedule a meeting. Please let us know your availability for the discussion.
Thanks,
Raja Pothuraju.
Hello @Andrea Angelo Marinoni,
Thank you for connecting offline to discuss about your requirements.
As we discussed, the scenario you're aiming for, where users can choose between two identity providers (e.g., Microsoft Entra ID or SPID IDP) at the time of login, is not supported in Entra ID. Authentication can only be managed by a single identity provider—either Microsoft Entra ID or a third-party provider like SPID, if supported. Once a domain is federated with a specific identity provider, all authentication is handled exclusively by that provider. It is not possible to make multiple identity providers available for users to select during login.
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Thanks,
Raja Pothuraju.