Set Up An Azure AD Application
The Azure application allows your users to use their Azure AD credentials to log in to a Salesforce org.
4. Enter an application name, select Web app / API as the type, and enter https://salesforce.com as the sign-on URL. Click Create.
5. Choose the application from the App registrations pane. Copy and save the Application ID, and then select Keys.
6. Enter a description and expiration date for the key. Save the settings, and copy the key value. To configure the authentication provider in Salesforce, use the key and application ID in the next step.
Configure your Salesforce org to recognize Azure AD as the external authentication provider. This step tells your org to use Azure AD credentials at login.
1. From Setup, enter Auth. Providers in the Quick Find box, and select Auth. Providers | New.
2. For the provider type, select Open ID Connect.
3. Enter a name for your Auth. Provider, such as MyAzure. Salesforce uses this name as the URL suffix in the callback URL, which is how the application responds to the Salesforce authentication request. For example, if the name and suffix combination is MyAzure, your SSO URL is similar to https://mydomain_login_url or site_url/services/auth/sso/MyAzure.
4. For Consumer Key, paste the application ID that you copied earlier.
5. For Consumer Secret, paste the key.
6. Enter the Azure AD endpoints:
Authorize Endpoint URL—https://login.windows.net/common/oauth2/authorize
Token Endpoint URL—https://login.windows.net/common/oauth2/token
User Info Endpoint URL—https://login.windows.net/common/openid/userinfo
2. In Azure AD, navigate to the application configuration and select Reply URLs. Enter the Salesforce callback URL as a new reply URL and save the setting.
The Auth. Provider page in Salesforce lists a Test-Only Initialization URL. You can use this URL to check that the configuration is set up correctly without logging in to the Salesforce org. When you open the URL in a browser and sign in to Azure, you’re redirected back to Salesforce with a set of user attributes.
A registration handler is an Apex class that handles the heavy lifting of creating Salesforce users, updating users, and linking to existing users, accounts, and contacts. Example registration handlers are available as Apex classes on a GitHub site, including a SamlRegHandler and a SocialRegHandler. These handlers enable Salesforce SSO using Salesforce as an authentication provider or an external authentication provider.
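As an added example (not one of the GitHub handlers mentioned above), here is a conservative registration handler for the Azure AD provider: it links sign-ins only to existing, active Salesforce users and refuses to provision unknown identities. The tenant ID is a placeholder, and the handler assumes the Azure AD tid claim arrives in attributeMap; confirm that against the attributes the Test-Only Initialization URL returns before relying on it.

```apex
// Added example: link Azure AD sign-ins to existing users only, never auto-provision.
global class AzureAdRegHandler implements Auth.RegistrationHandler {
    // Assumption: the directory you trust. The /common endpoints accept sign-ins
    // from any Azure AD tenant, so the handler checks the tid claim itself.
    private static final String EXPECTED_TENANT_ID = '<your-tenant-id>'; // placeholder

    public class AzureAdRegHandlerException extends Exception {}

    global User createUser(Id portalId, Auth.UserData data) {
        requireTrustedTenant(data);
        User u = findExistingUser(data);
        if (u == null) {
            // An Azure identity with no matching Salesforce user is rejected outright.
            throw new AzureAdRegHandlerException('No active Salesforce user for ' + data.email);
        }
        return u;
    }

    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        requireTrustedTenant(data);
        User u = [SELECT Id, FirstName, LastName FROM User WHERE Id = :userId LIMIT 1];
        // Sync display attributes only; Username and Email stay under Salesforce control.
        if (!String.isBlank(data.firstName)) { u.FirstName = data.firstName; }
        if (!String.isBlank(data.lastName))  { u.LastName  = data.lastName;  }
        update u;
    }

    // Assumption: the tid claim is present in attributeMap for this provider.
    private static void requireTrustedTenant(Auth.UserData data) {
        String tid = (data.attributeMap == null) ? null : data.attributeMap.get('tid');
        if (tid == null || tid != EXPECTED_TENANT_ID) {
            throw new AzureAdRegHandlerException('Sign-in from untrusted tenant: ' + tid);
        }
    }

    // Match on email and require exactly one active user; ambiguity is treated as no match.
    private static User findExistingUser(Auth.UserData data) {
        if (String.isBlank(data.email)) { return null; }
        List<User> users = [SELECT Id, Email FROM User
                            WHERE Email = :data.email AND IsActive = true LIMIT 2];
        return (users.size() == 1) ? users[0] : null;
    }
}
```

Select this class as the Registration Handler on the Auth. Provider page; Salesforce calls createUser on first login and updateUser on later logins.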
Now it’s time to test the end-to-end SSO configuration, including the registration handler and the authentication process, and log in to your Salesforce org.