DNN SAML Single Sign-On (SSO) Using Azure AD As IDP

2. Configure Azure AD as Identity Provider (Azure AD setup using ENTERPRISE APPLICATION)

• Login into Azure AD Portal. Select Azure Active Directory.

• Navigate to Enterprise Applications section and click on Add.

• Now click on New Application to create new application.

• Click on Create your own application. Enter the name for your app. Select the 3rd option in What are you looking to do with your application section and then click on Create button.

• Click on Single sign-on from the application's left-hand navigation menu and select SAML.

• Edit BASIC SAML CONFIGURATION and enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Service Provider Info tab of the plugin.

• Copy App Federation Metadata Url. This will be used while configuring the DNN SAML authentication provider.

• Assign users and groups to your SAML application.
• Click on Users and groups from the applications left-hand navigation menu.
• After clicking on Add user, Select Users and groups in the Add Assignment screen. Search or invite an external user. Select the appropriate user and click on the Select button.
• After selecting the appropriate user, click on the Assign button.

3. Configure DNN SAML Authentication Provider as Service Provider

• For configuring application in the authentication provider, click on the Add new IdP button in the Identity Provider Settings tab.


A] Select your Identity Provider

• Select Azure AD (Microsoft EntraID) from the list. You can also search for your Identity Provider using the search box.


B] Configure your Identity Provider

• Under the Service Provider Settings tab,download SP metadata as a XML document or copy the metadata url.
• Alternatively, copy and paste the SP Entity ID and ACS Url from the SP metadata Table to Azure AD configuration page.


C] Configure your Service Provider

• To upload IdP's metadata, you can use the Upload IdP metadata button under the Identity Provider Settings tab, if you have the IdP metadata URL or the IdP metadata .xml file.
• Alternatively, you can copy the IDP Entity ID and Single Sign-On Url values from the IdP and fill them up under the Identity Provider Settings tab.

4. Testing SAML SSO

• Click the Test Configuration button to verify if you have configured the plugin correctly.
• On successful configuration, you will get Attribute Name and Attribute Values in the Test Configuration window.

5. Attribute Mapping

• For attribute mapping select the Edit Configuration from the select actions dropdown.
• Map email and username with Attribute Name you can see in Test Configuration window and save the settings.

6. Get the Single Sign-On (SSO) link for your application

• You can find the SSO Link in the Action dropdown in Applications List of the authentication provider.

You can even configure the ASP.NET SAML Single Sign-On (SSO) module with any identity provider such as ADFS, Microsoft Entra ID (formerly Azure AD), Bitium, centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider. To check other identity providers, click here.

Additional Resources

• DNN SAML Single Sign-On (SSO)
• DNN OAuth Single Sign-On (SSO)
• ASP.NET SAML Single Sign-On (SSO)
• nopCommerce SAML Single Sign-On (SSO)
• Umbraco SAML Single Sign-On (SSO)