Azure SSO

11 min

finding metadata in azure for sso configuration introduction this document provides step by step instructions on where to locate the metadata in microsoft azure when configuring single sign on (sso) for a new software integration prerequisites administrator access to your azure portal the application must be registered in azure enterprise applications easiest sso setup is with a metadata url finding this link will allow you to simply copy and paste the url and you can rely on us to do the rest! locating the metadata url method 1 enterprise applications (most common) sign in to the https //entra microsoft com/ (formerly azure active directory admin center) navigate to identity > applications > enterprise applications select your application from the list (or search for it using the search bar) select single sign on from the left menu on the set up single sign on with saml page, scroll down to the saml certificates section look for app federation metadata url this is the url you need to provide to your software provider method 2 downloading the federation metadata xml if the software vendor requires the xml file instead of the url follow steps 1 5 from method 1 in the saml certificates section, click download next to federation metadata xml save this file to your computer upload this file to your software provider's sso configuration page method 3 tenant specific federation metadata url for advanced configurations, you can use the tenant specific endpoint template https //login microsoftonline com/\<tenantdomainname>/federationmetadata/2007 06/federationmetadata xml replace \<tenantdomainname> with one of your registered domain name (e g , contoso onmicrosoft com) your tenant id (a guid) what information is shared via the metadata url? the metadata url provides the following information to your software provider identity provider (idp) entity id sso endpoint urls x 509 certificate for signature verification attributes/claims mapping information protocol support information next steps after locating and sharing the metadata url confirm with your software provider that they received the information complete any additional configuration steps required by the software test the sso configuration with a test user before rolling out to all users configure user assignments in the enterprise application if needed troubleshooting if the software provider has trouble processing the metadata url try downloading and providing the federation metadata xml file instead verify your application is properly configured with saml in azure check if your software provider needs specific claim mappings configured note this documentation reflects microsoft entra id (formerly azure ad) as of april 2025 interface elements and paths may change in future azure portal updates