Version: On prem: 15.0.4

Configure Microsoft Entra ID with SAML

DISCLAIMER


This page contains third-party references. We strive for our content to always be up-to-date, however, the content referring to external vendors may change independently of Omada. If you spot any inconsistency, please report it to our Helpdesk.

Microsoft Entra ID with SAML

To configure Microsoft Entra ID with SAML:

  1. Log in to the Azure Portal and create or edit the Microsoft Entra ID configuration.

  2. Select App registrations, then click + New registration.

  3. Type a name and a URL for the Omada Identity website. Under Supported account types, select Accounts in the organizational directory only, provide the Redirect URI, and click Register.

  4. From the Overview page of the new app registration, copy the Application ID. You will need it for step 7 in the next section, Configuring SAML from Enterprise applications.

Configuring SAML from Enterprise applications

  1. Log in to the Azure Portal and create or edit the Microsoft Entra ID configuration.

  2. Go to the Basic SAML Configuration section and click the Edit button.

  3. Configure SAML settings.

  4. Configure the SAML Signing Certificate.

  5. In the SAML Certificates section, copy the content of the App Federation Metadata Url. You will need it for step 7 of this section.


    Info (Cloud): The following points refer to the Cloud Management Portal.

  6. Go to the Cloud Management Portal > Authentication tab. Fill in the Tenant ID and Application ID.

    This causes the fields marked (calculated) to be populated automatically by the portal.

  7. Make sure that the following three values were calculated correctly. You can compare them with the ones you previously copied to your clipboard:

    • In the Idp endpoint (calculated) field, the value (URL) should be the same as the App Federation Metadata Url.

    • The IdpIssuer value should be the same as the Application ID.

    • The IdpAudience value should have the format spn:<Application ID value>, for example: spn:a1b2c3d4-e5f6-7890-ab12-cdef34567890. This is the service principal identifier based on your Application ID.

      Note (On-prem): In the on-prem solution, the values need to be copied and pasted manually.

  8. Click Apply.
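
The comparison in step 7, written as an added example (not Omada's or Microsoft's code) for catching copy-and-paste mistakes in the on-prem case, where the values are entered manually. The function name, the sample tenant ID, and the assumed layout of the App Federation Metadata Url (tenant ID as a path segment, application ID in an appid query parameter) are assumptions that do not come from this page.

```python
import re
from urllib.parse import urlparse, parse_qs

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.IGNORECASE)

def check_saml_values(tenant_id, application_id, metadata_url,
                      idp_endpoint, idp_issuer, idp_audience):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    fields = {"Idp endpoint": idp_endpoint, "IdpIssuer": idp_issuer,
              "IdpAudience": idp_audience}
    # Manually pasted values often carry stray spaces or line breaks.
    for name, value in fields.items():
        if value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
    endpoint, issuer, audience = (v.strip() for v in fields.values())
    if not GUID.fullmatch(application_id):
        problems.append("Application ID: not a GUID")
    # The three comparisons from step 7.
    if endpoint != metadata_url:
        problems.append("Idp endpoint: differs from App Federation Metadata Url")
    if issuer != application_id:
        problems.append("IdpIssuer: differs from Application ID")
    if audience != "spn:" + application_id:
        problems.append("IdpAudience: expected spn:<Application ID>")
    # Assumed URL layout (not stated on the page): tenant ID as a path
    # segment and the application ID in the appid query parameter.
    url = urlparse(endpoint)
    if url.scheme != "https":
        problems.append("Idp endpoint: not an https URL")
    if tenant_id.lower() not in url.path.lower().split("/"):
        problems.append("Idp endpoint: Tenant ID not found in URL path")
    appid = parse_qs(url.query).get("appid", [""])[0]
    if appid.lower() != application_id.lower():
        problems.append("Idp endpoint: appid parameter differs from Application ID")
    return problems

# Constructed sample values; the Application ID is the page's example GUID.
TENANT = "11111111-2222-3333-4444-555555555555"
APP = "a1b2c3d4-e5f6-7890-ab12-cdef34567890"
META = (f"https://login.microsoftonline.com/{TENANT}"
        f"/federationmetadata/2007-06/federationmetadata.xml?appid={APP}")

if __name__ == "__main__":
    # Typical paste errors: trailing newline, missing spn: prefix.
    for p in check_saml_values(TENANT, APP, META, META, APP + "\n", APP):
        print(p)
```

The issuer and audience comparisons are exact (case-sensitive) after trimming, which is the strictest reading of "should be the same as".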