SAML2 Configuration Examples
This topic provides examples of the information expected for a SAML2 provider, using Microsoft Azure, Okta and OneLogin. For parameter descriptions, refer to Authentication with SAML2.
Microsoft Azure (recently renamed to Microsoft Entra ID)
Provider Information
Parameter | Example |
---|---|
Discovery Endpoint | https://login.microsoftonline.com/c2c50f21-66a7-41b4-9e9b-d401358e19e6/federationmetadata/2007-06/federationmetadata.xml?appid=458ee5eb-e22d-4dd1-a4e5-5d473c79e133 |
Entity ID | https://yourserver/biwebserver |
Provider Entity ID | https://sts.windows.net/yourentityID/ |
Provider Login Endpoint | https://login.microsoftonline.com/yourentityID/saml2 |
Provider Logout Endpoint | https://login.microsoftonline.com/yourentityID/saml2 |
Saml2 ACS URL | Web Server: https://yourserver/Auth/CallbackSaml2; Excel Add-in: http://localhost:44390/excelAddin/loginCallback |
Logout URL | https://yourserver/Logout/LoggedOut |
Certificate | SAML2Certificate.cer |
User Identifier | nameidentifier |
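
The provider values in the table above can be cross-checked against the metadata document that the Discovery Endpoint serves, which catches copy errors such as a missing trailing slash in the entity ID. The following Python is an added example, not part of the product or of the original page; the sample metadata is constructed from this page's placeholders, and the function names `provider_values` and `config_problems` are hypothetical.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata using this page's placeholders; not real IdP output.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/yourentityID/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>PLACEHOLDER-BASE64-CERT</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.microsoftonline.com/yourentityID/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.microsoftonline.com/yourentityID/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def provider_values(metadata_xml):
    """Extract the provider fields of the table from IdP metadata XML."""
    # Metadata fetched over the network is untrusted input; a hardened XML
    # parser is preferable there. The embedded sample is safe to parse directly.
    root = ET.fromstring(metadata_xml)
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    def location(tag):
        # First endpoint of this kind that uses the HTTP-Redirect binding.
        return next((e.get("Location") for e in idp.findall(MD + tag)
                     if e.get("Binding") == REDIRECT), None)
    # A KeyDescriptor without a "use" attribute is valid for signing too.
    certs = [c.text.strip() for k in idp.findall(MD + "KeyDescriptor")
             if k.get("use") in (None, "signing")
             for c in k.iter(DS + "X509Certificate")]
    return {"Provider Entity ID": root.get("entityID"),
            "Provider Login Endpoint": location("SingleSignOnService"),
            "Provider Logout Endpoint": location("SingleLogoutService"),
            "Signing certificates": certs}

def config_problems(configured, metadata_xml):
    """List differences between configured values and the published metadata."""
    published = provider_values(metadata_xml)
    problems = [f"{k}: configured {v!r}, metadata has {published.get(k)!r}"
                for k, v in configured.items() if published.get(k) != v]
    problems += [f"{k}: not HTTPS" for k, v in configured.items()
                 if k.endswith("Endpoint") and not v.startswith("https://")]
    return problems
```

Entity IDs are compared as exact strings, so the check treats `https://sts.windows.net/yourentityID` and `https://sts.windows.net/yourentityID/` as different values.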
Configuration in Web Server
The following image is an example of the General tab where the values retrieved from the Azure provider are set.
Mapping Users
The following image is an example of how to map the Web Server user to their Azure account in the Users tab.
Okta
Provider Information
Parameter | Example |
---|---|
Discovery Endpoint | |
Entity ID | https://yourserver/biwebserver |
Provider Entity ID | http://www.okta.com/yourentityID |
Provider Login Endpoint | https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml |
Provider Logout Endpoint | https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml |
Saml2 ACS URL | Web Server: https://yourserver/Auth/CallbackSaml2 |
Logout URL | https://yourserver/Logout/LoggedOut |
Certificate | okta.cert |
User Identifier | nameidentifier |
Provider Information for Excel Add-in Setup
Parameter | Example |
---|---|
Discovery Endpoint | |
Entity ID | https://yourserver/exceladdin |
Provider Entity ID | http://www.okta.com/yourentityID |
Provider Login Endpoint | https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml |
Provider Logout Endpoint | https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml |
Saml2 ACS URL | Excel Add-in: https://localhost:44390/excelAddin/loginCallback |
Logout URL | https://yourserver/Logout/LoggedOut |
Certificate | okta.cert |
User Identifier | nameidentifier |
Configuration in Web Server
The following image is an example of the General tab where the values retrieved from the Okta provider are set.
Mapping Users
The following image is an example of how to map the Web Server user to their Okta account in the Users tab.
OneLogin
Provider Information
Parameter | Example |
---|---|
Discovery Endpoint | https://app.onelogin.com/saml/metadata/cbfbba1c-baf4-4b65-a97c-d2706d631a36 |
Entity ID | https://yourserver/biwebserver |
Provider Entity ID | https://app.onelogin.com/saml/metadata/yourentityID/ |
Provider Login Endpoint | https://your-onelogin-server/trust/saml2/http-redirect/sso/yourentityID/ |
Provider Logout Endpoint | https://your-onelogin-server/trust/saml2/http-redirect/slo/yourentityID/ |
Saml2 ACS URL | Web Server: https://yourserver/Auth/CallbackSaml2; Excel Add-in: http://localhost:44390/excelAddin/loginCallback |
Logout URL | https://yourserver/Logout/LoggedOut |
Certificate | SAML2Certificate.cer |
User Identifier | nameid |
Configuration in Web Server
The following image is an example of the General tab where the values retrieved from the OneLogin provider are set.
Mapping Users
The following image is an example of how to map the Web Server user to their OneLogin account in the Users tab.