In a multiple AWS instances scenario, it used to be required to make the AWS identifier URI unique by adding "#" and any unique value.
This is still mentioned in the AAD tutorial for AWS here.
This doc should make clear whether a unique identifier is still required for AWS or not.
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
ID: aa04cf91-e1eb-5b59-f85f-1cb46a08f40b
Version Independent ID: a4aff3ba-9c3f-71c5-bf8b-a4101b94b073
@MrAzureAD Adding "#" followed by a unique number is required only when there are multiple instances of the Amazon Web Services (AWS) enterprise application added to the same Azure AD tenant.
The reason is that the Identifier (Entity ID) should be unique for every Enterprise Application. You cannot use "https://signin.aws.amazon.com/saml" as the identifier in multiple instances of the Amazon Web Services (AWS) app. So, if there are 2 instances of the AWS app, we add #1 and #2 at the end of the Identifier URL. Azure AD eventually removes the "#" value and sends https://signin.aws.amazon.com/saml as the audience URL in the token.
In short, using #Number in the Identifier is not mandatory. It needs to be used only when there are multiple instances of AWS in the same tenant. If there is only one instance, you do not need to specify it. This document provides general guidelines to automate SAML-based SSO app configuration with the Microsoft Graph API, and a single instance of the AWS app is used as an example.
Adding all this information would confuse readers working with other applications.
Understood. However, the example is AWS, and AWS is one of the major use cases for automated creation of AAD apps. So from that perspective, I would like this fact to be mentioned.
On the other hand, the Azure portal prevents duplicate entity IDs from being set - the automation does not prevent it, but it will not work and will frustrate users.
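As an added example (not code from this issue, from Microsoft's docs, or from any Graph API sample), here is the kind of pre-flight check an automation script could run before creating another AWS enterprise app: it detects duplicate identifiers (which the portal blocks but automation does not) and picks the next free "#N" suffix. The list of existing identifier URIs is constructed; the rule that the fragment is stripped to form the token audience is the one described in the reply above.

```python
"""Pre-flight identifier check for scripted SAML app creation in Azure AD.

Assumption (not from the issue): the caller has already fetched the identifier
URIs of every existing enterprise application in the tenant. The sample list
below is constructed for illustration only.
"""
from urllib.parse import urldefrag

AWS_SAML_ENTITY_ID = "https://signin.aws.amazon.com/saml"

# Constructed sample: identifier URIs already present in the tenant.
EXISTING_IDENTIFIERS = [
    "https://signin.aws.amazon.com/saml",      # first AWS instance, no suffix
    "https://signin.aws.amazon.com/saml#2",    # second AWS instance
    "https://example.invalid/other-saml-app",  # unrelated SAML app
]


def audience_of(identifier: str) -> str:
    """Audience that ends up in the SAML token: the identifier without its
    '#...' part. This mirrors the fragment-stripping behaviour the thread
    describes; the fragment only keeps the app registration unique."""
    base, _fragment = urldefrag(identifier)
    return base


def find_duplicates(identifiers):
    """Return identifiers that occur more than once. The portal rejects these,
    scripted creation does not, so the check has to live in the script."""
    seen, dupes = set(), []
    for ident in identifiers:
        if ident in seen and ident not in dupes:
            dupes.append(ident)
        seen.add(ident)
    return dupes


def next_aws_identifier(existing, base=AWS_SAML_ENTITY_ID):
    """Pick the lowest unused '#N' suffix for a new instance of the same entity
    ID. The bare entity ID counts as a taken slot, and a single instance needs
    no suffix at all."""
    taken = {ident for ident in existing if audience_of(ident) == base}
    if base not in taken:
        return base
    n = 1
    while f"{base}#{n}" in taken:
        n += 1
    return f"{base}#{n}"
```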