Before you configure the SAML federation for Azure AD (Active Directory), ensure that you have completed the following:

To create a SAML application for your Azure AD 3rd party IdP, complete the following:

Note

Ensure that you have the required privileges to create and manage a SAML 2.0 application/federation.
  1. Log in to the Azure portal as an administrator and click Azure Active Directory in the left navigation panel.
  2. In the Azure Active Directory panel, click Manage -> Enterprise applications.
    (Alternatively, you can click Getting started -> Set up single sign-on to create a SAML application.)
  3. On the Enterprise applications page, click New application to create a new application.
  4. On the Browse Azure AD Gallery (Preview) page, search for "Azure AD SAML" to locate the Azure AD SAML Toolkit, as shown below:


    You can also use the non-gallery application in the old app gallery by clicking "Click here to switch back to the old app gallery experience. →" to add an application, as shown below:
  5. Assign users and groups to the application as needed.
  6. In the Manage section, select Single sign-on, and then select SAML, as shown below:
  7. On the SAML Configuration page, complete the following sections:
    1. In section 1: Basic SAML Configuration Setting, complete the following:
      1. Identifier (Entity ID): Enter the Audience URI that you copied when generating the audience keys.
      2. Reply URL (Assertion Consumer Service URL): Enter the HUB ACS URL that you copied when generating the audience keys.

      3. Sign on URL: Enter the same value that you used in the Reply URL (Assertion Consumer Service URL) field.

        Note

        The subjectNameID in the SAML assertion must be the user’s email address, and the email address must have a domain name that matches the domain for which the federation is being configured.

    2. In section 2: User Attributes and Claims, complete the following:
      1. Click Add a group claim, as shown below:
      2. In the Group Claims dialog, complete the following:
        1. Which groups associated with the user should be returned in the claim: Select Security groups.
        2. Source attribute: Choose Group ID from the drop-down menu.
        3. In the Advanced options section, select the Customize the name of the group claim check box.
        4. Name (required): Enter groups.
        5. Click Save.

    3. In section 3: SAML Signing Certificate, complete the following:
      1. Download the Certificate (Base64), and save it for later.
    4. In section 4: Set up <your application>, complete the following:
      1. Copy the Login URL and Azure AD Identifier, and save them for later.
  8. Go back to the Infoblox SSO Portal.
  9. In the Infoblox SSO Portal, go to Authentication -> 3rd Party IdP, click Configure Azure SAML and then complete the following:
    1. Login URL: Enter or paste the Login URI you copied from the Azure Set up <your application> section.
    2. Azure AD Identifier: Enter or paste the Azure AD Identifier you copied from the Set up <your application> section.
    3. Signature Certificate: Paste the certificate you copied from the Azure SAML Signing Certificate section. The SSO Portal supports Base64 certificates with the following file extensions: .crt, .pem, and .ca-bundle.
  10. Click Save and Close.
  11. After you have configured the SAML application, you can complete the following configuration:
  12. You can also perform the following after you set up 3rd party IdP authentication:
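The requirements above are easy to get wrong on the Azure side: the NameID must be an email address in the federated domain, and the group claim must be emitted under the customised name "groups". The following added check (not Infoblox or Microsoft code) parses a constructed sample assertion and reports which of those requirements it fails; it also verifies that a pasted certificate is a Base64 blob that decodes to DER, which is what the SSO Portal accepts. Signature verification is out of scope here.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion body; not captured from a real Azure AD tenant.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>00000000-0000-0000-0000-000000000001</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text: str, federated_domain: str) -> list:
    """Return the list of problems found; an empty list means the assertion is acceptable."""
    problems = []
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    # The NameID must be an email address in the domain being federated.
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", value):
        problems.append(f"NameID {value!r} is not an email address")
    elif value.rsplit("@", 1)[1].lower() != federated_domain.lower():
        problems.append(f"NameID domain is not {federated_domain!r}")
    # The group claim must arrive under the customised attribute name 'groups'.
    groups = [a for a in root.findall(".//saml:Attribute", NS) if a.get("Name") == "groups"]
    values = [v.text.strip() for g in groups for v in g.findall("saml:AttributeValue", NS) if v.text]
    if not groups:
        problems.append("no attribute named 'groups' in the assertion")
    elif not values:
        problems.append("'groups' attribute carries no group IDs")
    return problems

def is_base64_certificate(text: str) -> bool:
    """True if text is a Base64 certificate (PEM armour optional) whose payload is DER."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except (binascii.Error, ValueError):
        return False
    return der.startswith(b"\x30")  # every X.509 certificate starts with a DER SEQUENCE tag

if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, "example.com"))  # expected: []
```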
