Skip to main content

SAML 2.0 Configuration Example

This section explains how to configure SAML 2.0 providers for Microsoft Azure, Okta and OneLogin, with reference examples for each. For details, see Authentication.

Microsoft Azure

Provider information

Parameter	Example
Discovery Endpoint	`https://login.microsoftonline.com/c2c50f21-66a7-41b4-9e9b-d401358e19e6/federationmetadata/2007-06/federationmetadata.xml?appid=458ee5eb-e22d-4dd1-a4e5-5d473c79e133`
Entity ID	`https://yourserver/biwebserver`
Provider Entity ID	`https://sts.windows.net/yourentityID/`
Provider Login Endpoint	`https://login.microsoftonline.com/yourentityID/saml2`
Provider Logout Endpoint	`https://login.microsoftonline.com/yourentityID/saml2`
SAML2 ACS URL	Web Server: `https://yourserver/Auth/CallbackSaml2` Excel Add-in: `http://localhost:44390/excelAddin/loginCallback`
Logout URL	`https://yourserver/Logout/LoggedOut`
Certificate	`SAML2Certificate.cer`
User Identifier	ID token claim for matching users. Prefer sub or oid for multitenant setups. `"sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09"`

Authentication configuration example

Field	Example
Activate	Disabled
Description	`Sign In With Azure[SAML2]`
Discovery Endpoint	`https://login.microsoftonline.com/c2c50f21-66a7-4b4-9e9b-d401358e19e6/federationmetadata/2007-06/federationmetadata.xml?appid=458ee5eb-e22d-4dd1-a4e`
Entity ID	`https://[your_domain]/biwebclient`
Provider Entity ID	`https://sts.windows.net/c2c50f21-66a7-4b4-9e9b-d401358e19e6/`
Provider Login Endpoint	`https://login.microsoftonline.com/c2c50f21-.../saml2`
Provider Logout Endpoint	`https://login.microsoftonline.com/c2c50f21-.../saml2`
Saml2 ACS URL	Web Server: `http://[your-webclient-domain]:82/Auth/CallbackSaml2` Excel Add-in: `http://localhost:44390/excelAddin/loginCallback`
Logout URL	`http://[your-webclient-domain]:82/Logout/LoggedOut`
Certificate	`SAML2 Certificate.cer`
User Identifier	ID token claim for matching users. Prefer sub or oid for multitenant setups. `"sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09"`
Force reauthentication	Off
Allow remember me	Off

Map users example

Field	Example
Username	`ADMIN`
Name	`ADMIN`
Email	`admin@companyname.com`
User Identifier	`"sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09"`

Okta

Provider information

Parameter	Example
Discovery Endpoint
Entity ID	Web Server: `https://yourserver/biwebserver` Excel Add-in: `https://yourserver/exceladdin`
Provider Entity ID	`http://www.okta.com/yourentityID`
Provider Login Endpoint	`https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml`
Provider Logout Endpoint	`https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml`
SAML2 ACS URL	Web Server: `https://yourserver/Auth/CallbackSaml2` Excel Add-in: `https://localhost:44390/excelAddin/loginCallback`
Logout URL	`https://yourserver/Logout/LoggedOut`
Certificate	`okta.cert`
User Identifier	ID token claim for matching users. Prefer sub or oid for multitenant setups. `"sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09"`

Authentication configuration example

Field	Example
Activate	Disabled
Description	`Sign In With Okta`
Discovery Endpoint	`https://login.microsoftonline.com/c2c50f21-.../federationmetadata.xml?appid= ...`
Entity ID	`https://[your_domain]:82/biwebclient`
Provider Entity ID	`http://www.okta.com/...[your_EntityId]`
Provider Login Endpoint	`https://dev- <oktaID>.okta.com/app/dev-<oktaID>_saml2/1.../sso/saml`
Provider Logout Endpoint	`https://dev- <oktaID>.okta.com/app/dev-<oktaID>_saml2/1.../slo/saml`
Saml2 ACS URL	Web Server: `http://[your-webclient-domain]:82/Auth/CallbackSaml2` Excel Add-in: `http://localhost:44390/excelAddin/loginCallback`
Logout URL	`https://[your_domain]:82/Logout/LoggedOut`
Certificate	`SAML2 Certificate.cer`
User Identifier	ID token claim for matching users. Prefer sub or oid for multitenant setups. `"sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09"`
Force reauthentication	Off
Allow remember me	Off

Map users example

Field	Example
Username	`ADMIN`
Name	`ADMIN`
Email	`admin@companyname.com`
User Identifier	`"sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09"`

OneLogin

Provider information

Parameter	Example
Discovery Endpoint	`https://app.onelogin.com/saml/metadata/cbfbba1c-baf4-4b65-a97c-d2706d631a36`
Entity ID	`https://yourserver/biwebserver`
Provider Entity ID	`https://app.onelogin.com/saml/metadata/yourentityID/`
Provider Login Endpoint	`https://your-onelogin-server/trust/saml2/http-redirect/sso/yourentityID/`
Provider Logout Endpoint	`https://your-onelogin-server/trust/saml2/http-redirect/slo/yourentityID/`
SAML2 ACS URL	Web Server: `https://yourserver/Auth/CallbackSaml2` Excel Add-in: `http://localhost:44390/excelAddin/loginCallback`
Logout URL	`https://yourserver/Logout/LoggedOut`
Certificate	`SAML2Certificate.cer`
User Identifier	ID token claim for matching users. Prefer sub or oid for multitenant setups. `"sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09"`

Authentication configuration example

Field	Example
Activate	Disabled
Description	`Sign in with OneLogin`
Discovery Endpoint	`https://app.onelogin.com/saml/metadata/[attributes-and-entityID]`
Entity ID	`https://yourserver/biwebclient`
Provider Entity ID	`https://app.onelogin.com/saml/metadata/yourentityID`
Provider Login Endpoint	`https://your-onelogin-server/trust/saml2/http-redirect/sso/yourentityID`
Provider Logout Endpoint	`https://your-onelogin-server/trust/saml2/http-redirect/slo/yourentityID`
Saml2 ACS URL	Web Server: `http://[your-webclient-domain]:82/Auth/CallbackSaml2` Excel Add-in: `http://localhost:44390/excelAddin/loginCallback`
Logout URL	`http://[your-server]/Logout/LoggedOut`
Certificate	`SAML2 Certificate.cer`
User Identifier	ID token claim for matching users. Prefer sub or oid for multitenant setups. `"sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09"`
Force reauthentication	Off
Allow remember me	Off

Map users example

Field	Example
Username	`ADMIN`
Name	`ADMIN`
Email	`admin@companyname.com`
User Identifier	`"sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09"`

Microsoft Azure
Okta
OneLogin