Azure Archive

Configuring Microsoft Entra ID (Azure) SAML-based SSO for SAFIRE

Microsoft recommends integrating Entra ID into SAFIRE via a SAML proxy such as Shibboleth, which mirrors the R&E federation community's guidance. While it is possible to connect Microsoft Entra ID directly into SAFIRE, this has several caveats and cannot be guaranteed as a long-term solution. This documentation assumes that you already have a Microsoft Entra ID tenant correctly configured and provisioned with your institution's user accounts. To configure Microsoft Entra ID as an identity provider for SAFIRE, you need to configure SAML-based SSO.

Configuring SimpleSAMLphp to use Entra ID (Azure AD)

This documentation will guide you through configuring Microsoft Entra ID (Azure AD) as an authentication source in SimpleSAMLphp. By integrating Entra ID in this way, you can retain your users' familiar login experience while leveraging SimpleSAMLphp's flexibility to fetch and/or manipulate attributes from Entra ID and other sources. While SAFIRE can work directly with Entra ID or SimpleSAMLphp (as explained in our Configuring Entra ID SAML-based SSO for SAFIRE and Configuring SimpleSAMLphp for SAFIRE documentation), you may find yourself in a situation where this approach better fits your use case.

South African Identity Federation