Hello @Todd Wolfe ,
Thank you for reaching out to Microsoft Q&A.
I understand that you have two separate login entries to set up SSO for an application using M365 SAML, with two specific reply URLs: one designated for managers and the other for staff. However, you have only a single User Access URL to initiate authentication.
In your scenario, if you configure the enterprise application with the Reply URL specifically designated for managers, the authentication token (SAML response) will only be sent to that configured URL within the application. Similarly, if you configure the application to use the Reply URL for staff, the SAML response will only be directed to the staff-specific URL.
This setup implies that the application can only support a single Assertion Consumer Service (ACS) URL at a time, meaning you cannot configure multiple Reply URLs within the same application instance to receive authentication tokens for different user groups simultaneously. As a result, it’s not feasible to authenticate both managers and staff using just one User Access URL for the login process. Each group would need to initiate authentication through a separate path, or you’d need to choose one Reply URL to handle authentication requests.
For more information, you can refer to this thread: Microsoft Q&A on Multiple SAML Responses.
Hope this helps. Do let us know if you have any further queries.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Regards,
Goutam Pratti.
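
An added example, not part of the answer above and not Microsoft's code: a sketch of how an application's ACS endpoint can check that a SAML response was addressed to its own Reply URL, so a response issued for the manager URL is rejected at the staff endpoint. The URLs, function names and sample response are constructed for illustration, and signature validation is assumed to happen before this check.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Hypothetical ACS (Reply) URLs for the two login entries.
MANAGER_ACS = "https://app.example.com/saml/acs/manager"
STAFF_ACS = "https://app.example.com/saml/acs/staff"


def build_sample_response(acs_url):
    """Constructed, unsigned sample response addressed to acs_url."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
        ID="_constructed1" Version="2.0" Destination="{acs_url}">
      <saml:Assertion ID="_constructed2" Version="2.0">
        <saml:Subject>
          <saml:NameID>user@example.com</saml:NameID>
          <saml:SubjectConfirmation Method="{BEARER}">
            <saml:SubjectConfirmationData Recipient="{acs_url}"/>
          </saml:SubjectConfirmation>
        </saml:Subject>
      </saml:Assertion>
    </samlp:Response>"""


def check_acs_binding(response_xml, endpoint_acs_url):
    """Return a list of problems; empty means the response targets this endpoint.

    Signature validation must happen before this check and is not shown here.
    """
    problems = []
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{NS['samlp']}}}Response":
        return ["not a SAML 2.0 Response"]
    # A missing Destination is treated as a mismatch (strict policy).
    destination = root.get("Destination")
    if destination != endpoint_acs_url:
        problems.append(f"Destination mismatch: {destination!r}")
    confirmations = root.findall(
        f".//saml:SubjectConfirmation[@Method='{BEARER}']/saml:SubjectConfirmationData", NS)
    if not confirmations:
        problems.append("no bearer SubjectConfirmationData")
    for data in confirmations:
        if data.get("Recipient") != endpoint_acs_url:
            problems.append(f"Recipient mismatch: {data.get('Recipient')!r}")
    return problems
```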