Azure Active Directory SAML Integration Guide Overview

Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu Application Service.

Page last updated:

This documentation introduces how to set up Azure Active Directory (Azure AD) with Security Assertion Markup Language (SAML) as the identity provider for Single Sign‑On for VMware Tanzu Application Service.

Azure Active Directory (Azure AD) is Microsoft’s multi-tenant cloud based directory and identity management service.

For how to set up Azure AD with Open ID Connect (OIDC), see Azure Active Directory OIDC Integration Guide.

Prerequisites

To integrate Azure AD with Ops Manager, you must have the following:

  • An Azure AD subscription
  • A user with admin privileges

Note: To configure SAML, you must have the Single Sign-On service broker installed on your Ops Manager deployment. You need to create a plan, grant any plan administrators, and specify any organizations this plan should be the authentication authority for. For help configuring plans, see the Manage Service Plans topic.

Azure AD Integration Guide

Configuring Azure AD with Single Sign‑On

Complete both steps below to integrate your deployment with Azure AD and Single Sign‑On.

  1. Configure Azure AD as a SAML Identity Provider
  2. Configure a Single Sign‑On Service Provider

Testing and Troubleshooting