This topic describes how an administrator can test the connection between SSO and Azure Active Directory (AD). An administrator can test both service provider and identity provider connections.
Log in to Azure AD at https://portal.azure.com/.
Navigate to Azure Active Directory > Enterprise Applications.
Select your application and navigate to Single Sign-on > Test SAML settings.
Select the user that you want to log in as.
If you have setup all configuration correctly, you should see something like the images below. Otherwise, you should see some meaningful error message.
Log in to Apps Manager at
https://apps.YOUR-SYSTEM-DOMAINand navigate to the organization and space where your application is located.
Under Services, locate the service instance of the Single Sign-On (SSO) plan bound to your application. Click on the service instance and click Manage.
Under the Apps tab, click your application.
Under Identity Providers, select the Azure AD identity provider.
Return to Apps Manager and click on the URL below your application to be redirected to the identity provider to authenticate.
Click the link.
On the identity provider sign-in page, enter your credentials and click Sign In.
The application asks for authorization to the necessary scopes. Click Authorize.
The access token and ID token displays.
Note: SSO does not support identity provider-initiated flow into applications, but it does redirect the user to the User Account and Authentication (UAA) page to select applications assigned to the user.
Sign in to Azure AD.
Navigate to your application and click it.
You are redirected to the page that lists applications you have access to.
Test single sign-off to ensure that when users log out of the application, they are logged out of Azure AD as well.
- Sign into the sample application. Information about the access and ID token displays, as well as the “What do you want to do?” section.
Under “What do you want to do?”, click Log out.
You are logged out and redirected to the Azure AD login page.