jamesyang
Helper I

SAML 2.0 Integration using Dynamics 365 (AAD) as IdP

We would like to implement SSO using SAML 2.0. The login flow is:

1. Our Model Driven Power App is installed in Dynamics 365.

2. The user clicks on one of the menus in our app, which automatically logs the user in to our external web app using the SAML 2.0 protocol.

   * Dynamics 365 is the SAML IdP (which is AAD); our external app is a SAML SP.

Could anyone share how to implement this?

Thanks

1 ACCEPTED SOLUTION
ChrisPiasecki
Super User

Hi James yang,

Can you provide some more detail about the external application? Is it a Power Apps portal, or a custom-built app? If custom, I'd recommend reviewing the document below for configuring SAML2 auth in AAD.

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-saml-single-sign-on

You'll essentially need to register your service provider app in Azure AD. If you have the metadata XML file or URL for your SP it is straightforward; you can otherwise populate the configuration metadata manually. You'll need to set up any claims mappings needed for your application to identify the user, and, if needed, any authorization.

For the service provider side of things, I recommend finding a SAML2 library available for the language used. I've used sustainsys/saml2 for .NET apps, and Spring Security SAML for Java.

The important thing to ensure is that the configuration is consistent on both the SP and IdP side, e.g. signature algorithms, endpoints, signing behavior for assertions, etc.

Hope this helps. Good luck.
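The answer above comes down to three places that must agree: the IdP's federation metadata, the SP's own metadata, and what the admin typed into the IdP when registering the SP. The script below is an added example for this thread (not the poster's code, and not part of sustainsys/saml2, Spring Security SAML or any Azure AD tooling) that parses both metadata documents with the standard library and reports the mismatches Chris lists: entity ID versus registered Identifier, ACS location versus Reply URL, signing behaviour for assertions, signing algorithm, endpoints over HTTPS, and a shared NameID format. Every XML document, URL and setting in it is constructed (zeroed tenant ID, example.com host, placeholder certificate); the `AAD_REGISTRATION` and `SP_SETTINGS` dictionaries are assumptions that model the registration form and the SP library's settings, not an API of either product. It checks configuration only; verifying the actual XML signature on a response stays with the SAML library.

```python
"""Consistency check across IdP metadata, SP metadata and the SP's
registration at the IdP.  Constructed sample data throughout."""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Constructed IdP metadata in the shape Azure AD publishes (tenant id zeroed).
IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC-PLACEHOLDER-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed SP metadata for the external web app.
SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://app.example.com/saml2">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://app.example.com/saml2/acs" index="0" isDefault="true"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

# Assumed model of what the admin entered when registering the SP at the IdP
# (Identifier, Reply URL, signing option, signing algorithm); constructed values.
AAD_REGISTRATION = {
    "identifier": "https://app.example.com/saml2",
    "reply_url": "https://app.example.com/saml2/acs",
    "sign_assertion": True,        # IdP signs the Assertion, not only the Response
    "signing_algorithm": RSA_SHA256,
}
# Assumed model of the SP library's settings (constructed).
SP_SETTINGS = {"accepted_signature_algorithms": {RSA_SHA256}}


def parse_idp(xml_text):
    """Pull entityID, signing certs, SSO endpoints and NameID formats from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    certs = [c.text.strip()
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")   # no 'use' means signing and encryption
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    return {"entity_id": root.get("entityID"), "signing_certs": certs,
            "sso": {e.get("Binding"): e.get("Location")
                    for e in idp.findall("md:SingleSignOnService", NS)},
            "nameid_formats": {n.text.strip() for n in idp.findall("md:NameIDFormat", NS)}}


def parse_sp(xml_text):
    """Pull entityID, signing expectations, ACS endpoints and NameID formats from SP metadata."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    return {"entity_id": root.get("entityID"),
            "want_assertions_signed": sp.get("WantAssertionsSigned", "false") == "true",
            "acs": {e.get("Binding"): e.get("Location")
                    for e in sp.findall("md:AssertionConsumerService", NS)},
            "nameid_formats": {n.text.strip() for n in sp.findall("md:NameIDFormat", NS)}}


def check_consistency(idp, sp, registration, sp_settings):
    """Return a list of mismatches; an empty list means all three sides agree."""
    findings = []
    if sp["entity_id"] != registration["identifier"]:
        findings.append("SP entityID differs from the Identifier registered at the IdP")
    if sp["acs"].get(POST) != registration["reply_url"]:
        findings.append("SP HTTP-POST ACS location differs from the registered Reply URL")
    endpoints = list(sp["acs"].values()) + list(idp["sso"].values())
    if any(not loc.startswith("https://") for loc in endpoints):
        findings.append("an endpoint is not HTTPS; assertions would cross the wire in clear")
    if not idp["sso"]:
        findings.append("IdP metadata publishes no SingleSignOnService endpoint")
    if not idp["signing_certs"]:
        findings.append("IdP metadata carries no signing certificate; SP cannot verify signatures")
    if sp["want_assertions_signed"] and not registration["sign_assertion"]:
        findings.append("SP requires signed assertions but IdP is set to sign only the Response")
    if registration["signing_algorithm"] not in sp_settings["accepted_signature_algorithms"]:
        findings.append("IdP signing algorithm is not in the SP's accepted set")
    if not sp["nameid_formats"] & idp["nameid_formats"]:
        findings.append("no NameIDFormat is common to IdP and SP")
    return findings


if __name__ == "__main__":
    result = check_consistency(parse_idp(IDP_METADATA), parse_sp(SP_METADATA),
                               AAD_REGISTRATION, SP_SETTINGS)
    for line in result or ["configuration consistent"]:
        print(line)
```

Run it against the real IdP metadata URL from the Azure AD enterprise app and your SP's generated metadata before the first login test; a typo in the Reply URL or an SP that insists on signed assertions while the IdP signs only the response both show up here rather than as an opaque "invalid signature" at runtime.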

3 REPLIES
alrez
Community Support

Hi,

We have some documentation on SAML 2.0 in the Dynamics environment here: https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-saml2-settings

Take a look through it and see if that helps answer your question. If not, this might be something that would be better to ask the Microsoft support team. If you would like to go down that route, I'll include a link below; otherwise, if any other community members have any ideas, feel free to chime in.

If you would like to create a ticket with Microsoft Customer Support, here is a link on how to do so: https://docs.microsoft.com/en-us/power-platform/admin/get-help-support

Regards,

Alex

-------

Community Support Team _ Alex Rezac
If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.


Thanks Alex. We have an external app. Your suggestion works.
