SAML2 Configuration Examples

This topic provides examples of the information expected for a SAML2 provider, using Microsoft Azure, Okta and OneLogin. For parameter descriptions, refer to Authentication with SAML2.

Microsoft Azure (recently renamed to Microsoft Entra ID)

Provider Information

Parameter Example
Discovery Endpoint https://login.microsoftonline.com/c2c50f21-66a7-41b4-9e9b-d401358e19e6/federationmetadata/2007-06/federationmetadata.xml?appid=458ee5eb-e22d-4dd1-a4e5-5d473c79e133
Entity ID https://yourserver/biwebserver
Provider Entity ID https://sts.windows.net/yourentityID/
Provider Login Endpoint https://login.microsoftonline.com/yourentityID/saml2
Provider Logout Endpoint https://login.microsoftonline.com/yourentityID/saml2
Saml2 ACS URL Web Server: https://yourserver/Auth/CallbackSaml2; Excel Add-in: http://localhost:44390/excelAddin/loginCallback
Logout URL https://yourserver/Logout/LoggedOut

Certificate SAML2Certificate.cer
User Identifier nameidentifier
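
An added example, not part of the original page or the product's own code: a Python check that the Provider Entity ID, login and logout endpoints and certificate entered from a table like the one above agree with the SAML metadata document that the Discovery Endpoint returns. The metadata is a constructed sample with a placeholder host; the function names, the HTTP-Redirect binding and the DER form of the certificate are assumptions.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
FIELDS = ("Provider Entity ID", "Provider Login Endpoint", "Provider Logout Endpoint")

# Constructed sample: placeholder host and stand-in certificate bytes.
SAMPLE_CERT_DER = b"constructed-cert-bytes"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example/yourentityID/">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example/yourentityID/slo"/>
  <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example/yourentityID/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Pull the provider-table values out of IdP metadata (EntityDescriptor root)."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    def location(tag):  # endpoint for the HTTP-Redirect binding (assumed binding)
        return next((e.get("Location") for e in idp.findall("md:" + tag, NS)
                     if e.get("Binding") == REDIRECT), None)
    prints = {hashlib.sha256(base64.b64decode(c.text)).hexdigest()
              for kd in idp.findall("md:KeyDescriptor", NS)
              if kd.get("use") in (None, "signing")  # skip encryption-only keys
              for c in kd.iterfind(".//ds:X509Certificate", NS)}
    return {"Provider Entity ID": root.get("entityID"),
            "Provider Login Endpoint": location("SingleSignOnService"),
            "Provider Logout Endpoint": location("SingleLogoutService"),
            "cert_sha256": prints}

def check_config(configured, cert_der, xml_text):
    """Return mismatches between the values entered and the metadata."""
    meta = parse_idp_metadata(xml_text)
    problems = [f"{k}: configured {configured.get(k)!r}, metadata {meta[k]!r}"
                for k in FIELDS if configured.get(k) != meta[k]]  # exact string match
    if hashlib.sha256(cert_der).hexdigest() not in meta["cert_sha256"]:
        problems.append("Certificate: not a signing certificate in the metadata")
    return problems
```

Values are compared as exact strings, so a Provider Entity ID entered without its trailing slash is reported as a mismatch.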

Configuration in Web Server

The following image is an example of the General tab where the values retrieved from the Azure provider are set.

Mapping Users

The following image is an example of how to map the Web Server user to their Azure account in the Users tab.

Okta

Provider Information

Parameter Example
Discovery Endpoint  
Entity ID https://yourserver/biwebserver
Provider Entity ID http://www.okta.com/yourentityID
Provider Login Endpoint https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml
Provider Logout Endpoint https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml
Saml2 ACS URL Web Server: https://yourserver/Auth/CallbackSaml2
Logout URL https://yourserver/Logout/LoggedOut

Certificate okta.cert
User Identifier nameidentifier

 

Provider Information for Excel Add-in Setup

Parameter Example
Discovery Endpoint  
Entity ID https://yourserver/exceladdin
Provider Entity ID http://www.okta.com/yourentityID
Provider Login Endpoint https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml
Provider Logout Endpoint https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml
Saml2 ACS URL Excel Add-in: https://localhost:44390/excelAddin/loginCallback
Logout URL https://yourserver/Logout/LoggedOut

Certificate okta.cert
User Identifier nameidentifier

Configuration in Web Server

The following image is an example of the General tab where the values retrieved from the Okta provider are set.

Mapping Users

The following image is an example of how to map the Web Server user to their Okta account in the Users tab.

OneLogin

Provider Information

Parameter Example
Discovery Endpoint https://app.onelogin.com/saml/metadata/cbfbba1c-baf4-4b65-a97c-d2706d631a36
Entity ID https://yourserver/biwebserver
Provider Entity ID https://app.onelogin.com/saml/metadata/yourentityID/
Provider Login Endpoint https://your-onelogin-server/trust/saml2/http-redirect/sso/yourentityID/
Provider Logout Endpoint https://your-onelogin-server/trust/saml2/http-redirect/slo/yourentityID/
Saml2 ACS URL Web Server: https://yourserver/Auth/CallbackSaml2; Excel Add-in: http://localhost:44390/excelAddin/loginCallback
Logout URL https://yourserver/Logout/LoggedOut

Certificate SAML2Certificate.cer
User Identifier nameid

Configuration in Web Server

The following image is an example of the General tab where the values retrieved from the OneLogin provider are set.

Mapping Users

The following image is an example of how to map the Web Server user to their OneLogin account in the Users tab.