SAML 2.0 Configuration Example
This section explains how to configure SAML 2.0 providers for Microsoft Azure, Okta and OneLogin, with reference examples for each.
Microsoft Azure
Provider information
| Parameter | Example |
|---|---|
| Discovery Endpoint | https://login.microsoftonline.com/c2c50f21-66a7-41b4-9e9b-d401358e19e6/federationmetadata/2007-06/federationmetadata.xml?appid=458ee5eb-e22d-4dd1-a4e5-5d473c79e133 |
| Entity ID | https://yourserver/biwebserver |
| Provider Entity ID | https://sts.windows.net/yourentityID/ |
| Provider Login Endpoint | https://login.microsoftonline.com/yourentityID/saml2 |
| Provider Logout Endpoint | https://login.microsoftonline.com/yourentityID/saml2 |
| SAML2 ACS URL | https://yourserver/Auth/CallbackSaml2<br>http://localhost:44390/excelAddin/loginCallback |
| Logout URL | https://yourserver/Logout/LoggedOut |
| Certificate | SAML2Certificate.cer |
| User Identifier | nameidentifier |
Authentication configuration example
| Field | Example |
|---|---|
| Activate | Disabled |
| Description | Sign In With Azure[SAML2] |
| Discovery Endpoint | https://login.microsoftonline.com/c2c50f21-66a7-4b4-9e9b-d401358e19e6/federationmetadata/2007-06/federationmetadata.xml?appid=458ee5eb-e22d-4dd1-a4e |
| Entity ID | https://[your_domain]/biwebclient |
| Provider Entity ID | https://sts.windows.net/c2c50f21-66a7-4b4-9e9b-d401358e19e6/ |
| Provider Login Endpoint | https://login.microsoftonline.com/c2c50f21-.../saml2 |
| Provider Logout Endpoint | https://login.microsoftonline.com/c2c50f21-.../saml2 |
| Saml2 ACS URL | http://[your-webclient-domain]:82/Auth/CallbackSaml2<br>http://localhost:44390/excelAddin/loginCallback |
| Logout URL | http://[your-webclient-domain]:82/Logout/LoggedOut |
| Certificate | SAML2 Certificate.cer |
| User Identifier | nameidentifier |
| Force reauthentification | Off |
| Allow remember me | Off |
Map users example
| Field | Example |
|---|---|
| Username | ADMIN |
| Name | ADMIN |
| [email protected] | |
| User Identifier | [email protected] |
Okta
Provider information
| Parameter | Example |
|---|---|
| Discovery Endpoint | |
| Entity ID | https://yourserver/biwebserver<br>https://yourserver/exceladdin |
| Provider Entity ID | http://www.okta.com/yourentityID |
| Provider Login Endpoint | https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml |
| Provider Logout Endpoint | https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml |
| SAML2 ACS URL | https://yourserver/Auth/CallbackSaml2<br>https://localhost:44390/excelAddin/loginCallback |
| Logout URL | https://yourserver/Logout/LoggedOut |
| Certificate | okta.cert |
| User Identifier | nameidentifier |
Authentication configuration example
| Field | Example |
|---|---|
| Activate | Disabled |
| Description | Sign In With Okta |
| Discovery Endpoint | https://login.microsoftonline.com/c2c50f21-.../federationmetadata.xml?appid= ... |
| Entity ID | https://[your_domain]:82/biwebclient |
| Provider Entity ID | http://www.okta.com/...[your_EntityId] |
| Provider Login Endpoint | https://dev-<oktaID>.okta.com/app/dev-<oktaID>_saml2/1.../sso/saml |
| Provider Logout Endpoint | https://dev-<oktaID>.okta.com/app/dev-<oktaID>_saml2/1.../slo/saml |
| Saml2 ACS URL | http://[your-webclient-domain]:82/Auth/CallbackSaml2<br>http://localhost:44390/excelAddin/loginCallback |
| Logout URL | https://[your_domain]:82/Logout/LoggedOut |
| Certificate | SAML2 Certificate.cer |
| User Identifier | nameidentifier |
| Force reauthentification | Off |
| Allow remember me | Off |
Map users example
| Field | Example |
|---|---|
| Username | ADMIN |
| Name | ADMIN |
| [email protected] | |
| User Identifier | [email protected] |
OneLogin
Provider information
| Parameter | Example |
|---|---|
| Discovery Endpoint | https://app.onelogin.com/saml/metadata/cbfbba1c-baf4-4b65-a97c-d2706d631a36 |
| Entity ID | https://yourserver/biwebserver |
| Provider Entity ID | https://app.onelogin.com/saml/metadata/yourentityID/ |
| Provider Login Endpoint | https://your-onelogin-server/trust/saml2/http-redirect/sso/yourentityID/ |
| Provider Logout Endpoint | https://your-onelogin-server/trust/saml2/http-redirect/slo/yourentityID/ |
| SAML2 ACS URL | https://yourserver/Auth/CallbackSaml2<br>http://localhost:44390/excelAddin/loginCallback |
| Logout URL | https://yourserver/Logout/LoggedOut |
| Certificate | SAML2Certificate.cer |
| User Identifier | nameid |
Authentication configuration example
| Field | Example |
|---|---|
| Activate | Disabled |
| Description | Sign in With OneLogin |
| Discovery Endpoint | https://app.onelogin.com/saml/metadata/[attributes-and-entityID] |
| Entity ID | https://yourserver/biwebclient |
| Provider Entity ID | https://app.onelogin.com/saml/metadata/yourentityID |
| Provider Login Endpoint | https://your-onelogin-server/trust/saml2/http-redirect/sso/yourentityID |
| Provider Logout Endpoint | https://your-onelogin-server/trust/saml2/http-redirect/slo/yourentityID |
| Saml2 ACS URL | http://[your-webclient-domain]:82/Auth/CallbackSaml2<br>http://localhost:44390/excelAddin/loginCallback |
| Logout URL | http://[your-server]/Logout/LoggedOut |
| Certificate | SAML2 Certificate.cer |
| User Identifier | nameidentifier |
| Force reauthentification | Off |
| Allow remember me | Off |
Map users example
| Field | Example |
|---|---|
| Username | ADMIN |
| Name | ADMIN |
| [email protected] | |
| User Identifier | [email protected] |
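
The provider-side values in the tables above (Provider Entity ID, Provider Login Endpoint, Provider Logout Endpoint, Certificate) are published in the SAML 2.0 metadata document served at the Discovery Endpoint, so a configuration can be checked against it. The following Python check is an added example, not part of the product or of this documentation; the metadata is a constructed sample with placeholder values, the function names `provider_fields` and `mismatches` are hypothetical, the HTTP-Redirect binding is assumed, and the certificate is compared as base64 text rather than as a `.cer` file.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata: placeholder host, entity ID and certificate text.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/id/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER BASE64</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.test/id/slo"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/id/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def provider_fields(metadata_xml):
    """Read the provider-side table values out of an IdP metadata document."""
    # Embedded sample only; parse fetched metadata with a hardened XML parser.
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    def location(tag):
        # First endpoint of this kind that uses the HTTP-Redirect binding.
        for el in idp.findall(f"md:{tag}", NS):
            if el.get("Binding") == REDIRECT:
                return el.get("Location")

    cert = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no "use" covers signing too
            cert = kd.findtext(".//ds:X509Certificate", namespaces=NS)
            break
    return {
        "Provider Entity ID": root.get("entityID"),
        "Provider Login Endpoint": location("SingleSignOnService"),
        "Provider Logout Endpoint": location("SingleLogoutService"),
        "Certificate": "".join(cert.split()) if cert else None,
    }


def mismatches(configured, metadata_xml):
    """Configured field names whose value differs from the published one."""
    published = provider_fields(metadata_xml)
    return sorted(k for k, v in configured.items() if published.get(k) != v)
```

A configuration that reuses the login URL as the logout URL is reported as `["Provider Logout Endpoint"]` whenever the metadata publishes a separate logout location.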