Setting up single sign-on for an enterprise application

Once the application is created, you can set up single sign-on for your application.

To set up single sign-on:
  1. Go to Azure Active Directory > Enterprise applications.
  2. In Enterprise applications, enter the name of your enterprise application in the search bar, and click the application to open it.

    See Creating an enterprise application in Azure Portal.

  3. Select Get Started in Set up single sign on.
  4. In Single sign-on, select SAML.

    The SAML-based Sign-on window opens.

  5. In the SAML-based Sign-on window, select Edit in the Basic SAML Configuration pane.
  6. In the Basic SAML Configuration window, enter the following information from the FortiAuthenticator SP:
    1. In Identifier (Entity ID), enter the SP entity ID.
    2. In Reply URL (Assertion Consumer Service URL), enter the URL where the application receives the authentication token.
    3. In Sign on URL, enter the URL for the sign-in page for the application.
    4. In Relay State, enter the URL to which the SP redirects the user after a successful assertion response.
    5. In Logout Url, enter the URL used to send the SAML logout response back to the application.
    6. Click Save.

  7. See Adding a user group SAML attribute to the enterprise application and Adding users to an enterprise application.
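
Before clicking Save in step 6, the values can be checked offline. The following is an added example, not Fortinet or Microsoft code: it assumes the SP values are available as standard SAML 2.0 metadata XML, uses the constructed host sp.example.com, and treats a URL on a different host than the Reply URL as a finding to review, which is a conservative choice made for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata; host and paths are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/logout"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def azure_fields(metadata_xml, sign_on_url, relay_state):
    """Map SP metadata plus two operator-supplied URLs to the portal field names."""
    root = ET.fromstring(metadata_xml)
    acs = root.find(f"md:SPSSODescriptor/md:AssertionConsumerService[@Binding='{POST}']", NS)
    slo = root.find("md:SPSSODescriptor/md:SingleLogoutService", NS)
    return {
        "Identifier (Entity ID)": root.get("entityID", ""),
        "Reply URL (Assertion Consumer Service URL)": acs.get("Location", "") if acs is not None else "",
        "Sign on URL": sign_on_url,
        "Relay State": relay_state,
        "Logout Url": slo.get("Location", "") if slo is not None else "",
    }

def review(fields):
    """Return findings for values that should be corrected before saving."""
    findings = []
    sp_host = urlsplit(fields["Reply URL (Assertion Consumer Service URL)"]).hostname
    for name, value in fields.items():
        if not value:
            findings.append(f"{name}: empty")
            continue
        if name == "Identifier (Entity ID)":
            continue  # an entity ID is a name and need not be a reachable URL
        url = urlsplit(value)
        if url.scheme != "https":
            findings.append(f"{name}: not HTTPS")
        if "*" in value:
            findings.append(f"{name}: wildcard")
        if url.hostname != sp_host:
            findings.append(f"{name}: host differs from Reply URL host")
    return findings
```

Call `review(azure_fields(metadata_xml, sign_on_url, relay_state))` with the SP's own values; an empty list means none of these checks fired.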
