With the Pro Plus and Enterprise plans, you can configure SAML 2.0 with OptiSigns via Azure AD. Azure AD acts as the IDP (Identity Provider), and OptiSigns acts as the SP (Service Provider). We support both IDP-initiated SSO and SP-initiated SSO.
Please refer to this article for how to set up IDP-initiated SSO and how to configure SAML with OptiSigns and Azure. SP-initiated SSO requires the SP to send a SAML request to the IDP to start the authentication process. The setup on the Azure side is the same as for IDP-initiated SSO, but it is slightly different on the OptiSigns side. This article covers only the differences for SP-initiated SSO.
To set up SP-initiated SSO, there are 2 major differences compared with IDP-initiated SSO.
1. Enable SP-Initiated processing
Go to the SAML Single Sign On setting page.
2. Set the SAML Endpoint and Entity ID for SP-initiated SSO.
Under the Setup SAML Authentication section of the SAML Single Sign On setting page, update the SAML 2.0 Endpoint and the Identity Provider Issuer. These values are different for SP-initiated SSO.
The SAML 2.0 Endpoint is the Logon URL in the Azure OptiSigns application SSO setting.
The Identity Provider Issuer is the application ID from Azure.
The public certificate is the same as for IDP-initiated SSO.
To get the Logon URL from Azure, go to the Single sign-on setting in the enterprise application.
To get the application ID, go to the properties of your enterprise application.
You have enabled SP-initiated SSO for OptiSigns with Azure AD.
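To check that a login attempt really is SP-initiated and goes to the endpoint you configured, you can decode the SAML request carried in the browser redirect. The script below is an added example, not OptiSigns or Microsoft code. It assumes the SP uses the SAML HTTP-Redirect binding, and the tenant ID, request ID and SP entity ID in the sample are constructed placeholders.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def encode_redirect(xml: str) -> str:
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def inspect_sp_redirect(redirect_url: str, configured_endpoint: str) -> dict:
    """Decode the SAMLRequest in an SP-initiated redirect and compare its
    target with the SAML 2.0 Endpoint configured on the SP side."""
    parts = urlsplit(redirect_url)
    params = parse_qs(parts.query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter: not an SP-initiated redirect")
    raw = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    # Intended for your own captured redirect; parse untrusted XML with defusedxml.
    root = ET.fromstring(raw)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError(f"unexpected root element {root.tag}")
    target = f"{parts.scheme}://{parts.netloc}{parts.path}"
    dest = root.get("Destination")  # optional attribute in an AuthnRequest
    return {
        "sp_issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "request_id": root.get("ID"),
        "destination": dest,
        "endpoint_matches": target == configured_endpoint
                            and dest in (None, configured_endpoint),
    }

# Constructed sample values (placeholders, not real tenant or SP identifiers).
LOGON_URL = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"
SAMPLE_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
    f'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    f'Destination="{LOGON_URL}">'
    '<saml:Issuer>https://sp.example/saml/metadata</saml:Issuer>'
    '</samlp:AuthnRequest>'
)
SAMPLE_REDIRECT = LOGON_URL + "?" + urlencode({"SAMLRequest": encode_redirect(SAMPLE_REQUEST)})

if __name__ == "__main__":
    print(inspect_sp_redirect(SAMPLE_REDIRECT, LOGON_URL))
```

Pass the redirect URL copied from the browser's network trace as the first argument and the Logon URL from Azure as the second; `endpoint_matches` is false when the two disagree.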