Today I was trying to configure Single Sign-On (SSO) for a Salesforce tenant against an Azure AD infrastructure. Usually I go with the custom (non-gallery) app for any SSO configuration. This time I wanted to try something different, so I looked through the application gallery in the Azure portal to see whether Salesforce was already available. Great!! It is available in the gallery (ignore the "already been added" message, as I took this screenshot after I had configured the application 🙂).
This gave me some relief, as I did not want to worry about Identifiers or endpoint URLs. I simply took the SSO URL from my Salesforce vendor and entered it in the Sign on URL field under the configure app settings.
If you are wondering how I configured the application: because the app is available in the gallery, Microsoft provides a detailed step-by-step article for this setup. For your convenience, here is the link: https://azure.microsoft.com/en-gb/documentation/articles/active-directory-saas-salesforce-tutorial/
After finishing the configuration on the Azure side, I also configured the SSO setup on the Salesforce side.
As you can see, the configuration is fairly simple compared to configuring an ADFS infrastructure for a given application to complete the SSO setup. Since I had used the Salesforce app from the gallery, I ended up facing an SSO error. After the configuration, I tried to access the SSO page. Salesforce redirected the request to the Azure login page, which is a good sign!! Then I entered my email address, a.k.a. my username, on the Azure login page and hit the TAB key. After successful authentication against our internal ADFS server (I am using ADFS instead of password hash sync), I got the following error message: "Application with identifier <URL> was not found in the directory".
This clearly seems to be an issue with the Azure configuration. In spite of adding the SSO URL in the application configuration, Azure is not recognizing the identifier. Usually in a custom app configuration we add the Identifier and endpoint URL ourselves, but not for an application that comes from the gallery; however, Azure still expects the Identifier to be entered on the configuration page.
Yes… Indeed!! By now you may have guessed the resolution. We need to enter the Identifier URL. It is available under the "Show advanced settings (Optional)" section. As a matter of fact, this is an optional setting, not a mandatory one. Still, Azure expects this parameter. Not good, haan!!! Until I added this information, the application was not getting registered in Azure AD. Once I had added the Identifier URL, SSO was working great.
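To make the failure mode above concrete, here is an added example (my own illustration, not code from the post, from Microsoft or from Salesforce) of the identity-provider-side check that produces an error of this shape. In an SP-initiated SAML 2.0 flow, the service provider (Salesforce) redirects the browser to the IdP with a deflated, base64-encoded AuthnRequest whose <saml:Issuer> is the SP's entity ID; the IdP then has to find a registered application whose Identifier (Entity ID) equals that Issuer. The example decodes such a request, extracts the Issuer and looks it up in a hypothetical registry, once with the gallery app's Identifier left blank (which can never match) and once with it filled in. All URLs, tenant IDs and request IDs are constructed placeholders, and the registry structure is an assumption made for the illustration, not Azure AD's internal data model.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from typing import Dict, Optional, Set

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed SP-initiated AuthnRequest. The Issuer is the value the SP announces as
# its own entity ID; the IdP must find a registered app with that Identifier.
# Every URL and ID here is a placeholder, not a real tenant value.
SAMPLE_AUTHN_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
    'ID="_constructed-request-1" Version="2.0" IssueInstant="2016-01-01T00:00:00Z" '
    'Destination="https://login.microsoftonline.com/TENANT-PLACEHOLDER/saml2" '
    'AssertionConsumerServiceURL="https://example-tenant.my.salesforce.com">'
    '<saml:Issuer>https://example-tenant.my.salesforce.com</saml:Issuer>'
    '</samlp:AuthnRequest>'
)

# Hypothetical view of the IdP's app registry: app name -> Identifier (Entity ID) values
# configured for it. Before the fix, the gallery app has the optional Identifier blank.
REGISTRY_BEFORE_FIX: Dict[str, Set[str]] = {"Salesforce": set()}
REGISTRY_AFTER_FIX: Dict[str, Set[str]] = {
    "Salesforce": {"https://example-tenant.my.salesforce.com"}
}


def encode_redirect_binding(xml_text: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE, then base64 (the SAMLRequest query value)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 => raw deflate, no zlib header
    payload = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(payload).decode("ascii")


def decode_redirect_binding(saml_request: str) -> str:
    """Inverse of encode_redirect_binding: base64-decode, then inflate raw deflate."""
    return zlib.decompress(base64.b64decode(saml_request), -15).decode("utf-8")


def extract_issuer(xml_text: str) -> Optional[str]:
    """Return the <saml:Issuer> text of an AuthnRequest, or None if it is absent."""
    # For untrusted input in production, parse with defusedxml instead of plain ElementTree.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    issuer = root.find(f"{{{SAML}}}Issuer")
    if issuer is None or not issuer.text:
        return None
    return issuer.text.strip()


def resolve_application(saml_request: str, registry: Dict[str, Set[str]]) -> Optional[str]:
    """Return the app whose registered Identifier equals the request's Issuer, else None.

    A blank Identifier set can never match, so an app registered that way is
    invisible to SP-initiated requests even though everything else is configured.
    """
    issuer = extract_issuer(decode_redirect_binding(saml_request))
    if issuer is None:
        return None
    for app_name, identifiers in registry.items():
        if issuer in identifiers:
            return app_name
    return None


def describe_outcome(saml_request: str, registry: Dict[str, Set[str]]) -> str:
    """Human-readable result; reuses the error wording quoted in the post when nothing matches."""
    app = resolve_application(saml_request, registry)
    if app is None:
        issuer = extract_issuer(decode_redirect_binding(saml_request))
        return f"Application with identifier {issuer} was not found in the directory"
    return f"Matched application: {app}"


if __name__ == "__main__":
    request = encode_redirect_binding(SAMPLE_AUTHN_REQUEST)
    print("before fix:", describe_outcome(request, REGISTRY_BEFORE_FIX))
    print("after fix: ", describe_outcome(request, REGISTRY_AFTER_FIX))
```

The practical takeaway for troubleshooting is that the Sign on URL only tells the IdP where to send the user; it is the Identifier (Entity ID) that is compared with the Issuer of the incoming request, so when the two sides disagree (or one side is blank) the IdP cannot tell which application the request belongs to, whatever else is configured correctly.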
This appears to be a bug in Azure at the time of writing this article. I am planning to get in touch with Azure support to find out why it expects a parameter that is marked as optional. Let me know if you have any thoughts on this in the comments. I will try to update this article if I get any interesting information from Azure support regarding this issue. Happy learning 🙂