Register a SAML app in your external tenant

Applies to: External tenants

In external tenants, you can register applications that use the OpenID Connect (OIDC) or Security Assertion Markup Language (SAML) protocol for authentication and single sign-on. The app registration process is designed specifically for OIDC apps, but you can use the Enterprise applications feature to create and register a SAML app. This process generates a unique application ID (client ID) and adds your app to App registrations, where you can view and manage its properties.

This article describes how to register your own SAML application in your external tenant by creating a non-gallery app in Enterprise applications.

Prerequisites

Create and register a SAML app

  1. Sign in to the Microsoft Entra admin center as at least an Application Administrator.

  2. If you have access to multiple tenants, use the Settings icon in the top menu and switch to your external tenant from the Directories menu.

  3. Go to Identity > Applications > Enterprise applications.

  4. Select New application, and then select Create your own application.

    Screenshot of the Create your own application option in the Microsoft Entra Gallery.

  5. On the Create your own application pane, enter a name for your app.

  6. Select Integrate any other application you don't find in the gallery (Non-gallery).

  7. Select Create.

  8. The app Overview page opens. In the left menu under Manage, select Properties. Switch the Assignment required? toggle to No so that users can use self-service sign-up, and then select Save.

    Screenshot of the Assignment required toggle.

  9. In the left menu under Manage, select Single sign-on.

  10. Under Select a single sign-on method, select SAML.

    Screenshot of the Single sign-on method tile.

  11. On the SAML-based Sign-on page, do one of the following:

    • Select Upload metadata file, browse to the file containing your metadata, and then select Add. Select Save.
    • Or, use the Edit pencil option to update each section, and then select Save.

  12. In the third section, SAML Certificates, note that there's no Download button next to Federation Metadata XML. This button appears only in workforce tenants, not in external tenants. To download the metadata file in an external tenant, copy the link and paste it into your browser.

    Screenshot of the federation metadata xml link.

  13. Select Test, and then select the Test sign-in button to see if single sign-on is working. This test verifies that your current admin account can sign in using the https://login.microsoftonline.com endpoint.

    Screenshot of the test single sign-on option.

    You can test external user sign-in with these steps: