Jaa


Creating Your Own SSO Application with Azure Active Directory

As I’m writing this, there are over 2,500 pre-federated application available in the Azure AD Gallery.  But, what if yours isn’t in there?  No sweat.

Log into your Azure subscription and navigate to Azure Active Directory.  From there add an application.  You’ll want to choose the middle option to create one from the gallery.

image

You have the ability to search through the gallery for applications or if you know it’s not in there – just choose the ‘custom’ option as highlighted and enter the name that you want to appear in the https://myapps.microsoft.com portal for your users.

image

Once added choose the “configure SSO” option.

image

In our case the application just requires a username and a password so we’ll choose the “password SSO” option.  In our example we are going to pre-populate the credential so that all users would use the same login to sign in.  You of course have the option to allow the users to self-service that credential as well.

image

The next step is to provide the URL to the sign-in page.

image

Now AAD will want to ‘capture’ the login fields for us.  Click the “click to sign-in” link and it will open the web page where you will then place your cursor into the username field and enter a credential.  Your credential is not store here – AAD is just using it to verify the appropriate fields.

image

Click on the username field and enter a credential.  Same for the password then login.

image

AAD will ask you to save the login details.

image

Now you’re back in the Azure portal where you will click the ‘sign-in succeeded’ check box and continue on.

image

On the next page you have the option to view the fields that were captured.

image

Now you’ll want to assign users access to the application in Azure AD.  Pretty straightforward here.  As I mentioned in my scenario I’m going to pre-populate a credential that all users will use when the access the application.

image

Now when my users accesses the MyApps portal (https://myapps.microsoft.com) they’ll see the custom application available to them.  When they click on it, they will be signed in using the credential the Azure administrator defined in the previous step.

image

Voila!  Success!

image

A few advanced options that are available…if you go into the ‘configure’ tab…

image

You can do things like:

  • Add a custom logo
  • Configure MFA on a per-application basis
  • Allow your users to self-service their own access to your custom application