Let’s say your organization wants to set up single sign-on against a third-party web solution hosted in the cloud, such as an accounting system, and your organization has a rule that it must be Single Sign-On using your domain login credentials. You already have Azure AD Connect set up with password sync and all users synced to Azure AD. Then you realize that the provider does not have a finished application with a guide in the Enterprise Applications gallery. So what do you do?
The provider will most likely support SAML-based sign-on.
Well, you create a Non-gallery application.
Once you are in, click Configure single sign-on.
Now go down to the SAML signing certificate section and download the federation metadata XML file. It contains the certificate and endpoints the provider needs in order to give you the correct Identifier URL to enter on this page.
Now send the XML file to the provider and get the Identifier, Reply URL and Sign on URL (under the advanced tab). Enter these and save the config.
Here is an example of how one I set up last week looks. Notice that the URLs do not end with a /; make sure not to have a / at the end or it will not work.
Once this is done you need to assign a user or group to get access to the application, and then you are done. You can set up Conditional Access as well if you want.
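As an added example (not from the original post), here is a small Python helper for the metadata and URL steps above: it pulls the entity ID, signing certificate and SSO endpoints out of a federation metadata XML like the one you download from the portal, and checks the Identifier, Reply URL and Sign on URL the provider sends back for the trailing-slash mistake before you type them in. The metadata sample, tenant id and certificate body are constructed placeholders, and the https requirement on the provider's endpoints is an assumption.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespaces; Azure AD federation metadata uses both.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample shaped like the metadata XML downloaded from the portal.
# The tenant id and certificate body are placeholders, not real values.
SAMPLE_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>MIIC...PLACEHOLDER...</X509Certificate></X509Data>
  </KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Extract what the provider needs from the IdP metadata: entity id,
    signing certificate and the SSO endpoints keyed by binding."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    signing = root.find(".//md:KeyDescriptor[@use='signing']", NS)
    cert = signing.find(".//ds:X509Certificate", NS).text.strip()
    sso = {s.get("Binding").rsplit(":", 1)[1]: s.get("Location")
           for s in root.findall(".//md:IDPSSODescriptor/md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "signing_cert": cert, "sso": sso}


def check_sp_values(identifier, reply_url, sign_on_url):
    """Sanity-check the provider's values before typing them into the portal.
    Identifier and Reply URL are matched exactly against the SP's request,
    so a stray trailing slash breaks the login."""
    problems = []
    for name, value in (("Identifier", identifier), ("Reply URL", reply_url),
                        ("Sign on URL", sign_on_url)):
        if value != value.strip():
            problems.append(f"{name}: surrounding whitespace")
        if value.endswith("/"):
            problems.append(f"{name}: trailing slash")
    # Assumption: the provider's endpoints are https (expected for a cloud-hosted app).
    for name, value in (("Reply URL", reply_url), ("Sign on URL", sign_on_url)):
        if not value.startswith("https://"):
            problems.append(f"{name}: not https")
    return problems
```

Run `parse_idp_metadata` on the real downloaded file to confirm the certificate and endpoints the provider asks for are present, and `check_sp_values` on the three values they return before saving the config.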